Tag

Ntds

1 brief RSS

NTDS or SAM Database File Copied

Detects copy operations of Active Directory Domain Database (ntds.dit) or Security Account Manager (SAM) files, potentially exposing sensitive hashed credentials on Windows systems.

Microsoft Defender XDR +2 credential-access windows ntds sam credential-theft

2r 1t Jan 1, 2024