GET /api/techniques/237/?format=api
HTTP 200 OK
Allow: GET, PUT, PATCH, DELETE, HEAD, OPTIONS
Content-Type: application/json
Vary: Accept

{
    "id": 237,
    "key": "domain-member",
    "unprotect_id": "U1341",
    "name": "Domain Member",
    "description": "This technique determines whether a host is a member of an Active Directory domain without making any API calls. It is used to prevent malicious payload execution in enterprise sandboxes that are not joined to an Active Directory domain. The check compares the \"LogonServer\" and \"ComputerName\" environment variables. If the session was authenticated by a domain controller, \"LogonServer\" contains the name of that server; otherwise both variables contain the same hostname. Because the environment variables are stored in the process's own memory, the check can be performed without API calls and is therefore not visible to monitoring that relies on API hooking; an analysis environment has to present domain-like values for these variables to counter it.",
    "resources": "",
    "creation_date": "2023-01-30T00:03:56.393000Z",
    "tags": "technique, Active Directory Domain, enterprise sandboxes, malicious payload, LogonServer, ComputerName, domain controller, hostname, process memory, undetectable, API calls",
    "modification_date": "2023-01-30T00:03:56.393000Z",
    "category": [
        1
    ],
    "rules": [],
    "attachments": [],
    "featured_api": [],
    "contributors": []
}