Jul 24 2018 11:26 AM
A domain controller shadow (DCShadow) attack is designed to change directory objects using malicious replication. It can be performed from any machine by creating a rogue domain controller using a replication process.
DCShadow uses RPC and LDAP to:
Azure ATP detects the attack with 2 security alerts:
Stay tuned. Your feedback is welcome.