Conti (Discovery)

Discover computers, shares, and the number of computers in the domain. Enumerate the local, domain, and enterprise administrators, then dump hashes for potentially Kerberoastable accounts.
Authors: privateducky, mitre, w0rk3r, bfuzzy1, khyberspache, will schroeder (@harmj0y), tevora-threat, matthew graeber (@mattifestation), outflanknl

TTPs

Permission Groups Discovery
Discover domain controller
Enumerate number of computers in the domain
Enumerate local user and domain
Enumerate domain administrator objects
Enumerate local administrators
Enumerate enterprise administrator objects
Find domain systems user is logged into
Enumerate computers in the domain
Enumerate shares in the domain
Dump account hashes using AS-REP roasting
Retrieve unsecured information in GPP
Dump hashes for kerberoastable accounts to disk

Tags

conti, hafnium, apt29 scenario 1, apt29