1. Home
  2. Software
  3. dsquery

dsquery

dsquery is a command-line utility that can be used to query Active Directory for information from a system within a domain. [1] It is typically installed only on Windows Server versions but can be installed on non-server variants through the Microsoft-provided Remote Server Administration Tools bundle.

ID: S0105
Associated Software: dsquery.exe
Type: TOOL
Platforms: Windows
Version: 1.2
Created: 31 May 2017
Last Modified: 18 March 2020
Enterprise Layer
download view

Techniques Used

Domain ID Name Use
Enterprise T1087 .002 Account Discovery: Domain Account

dsquery can be used to gather information on user accounts within a domain.[1]
Enterprise T1482 Domain Trust Discovery

dsquery can be used to gather information on domain trusts with dsquery * -filter "(objectClass=trustedDomain)" -attr *.[2]
Enterprise T1069 .002 Permission Groups Discovery: Domain Groups

dsquery can be used to gather information on permission groups within a domain.[1]

Groups That Use This Software

ID Name References
G0061 FIN8

[3]
G0116 Operation Wocao

[4]

References

  1. Microsoft. (n.d.). Dsquery. Retrieved April 18, 2016.
  2. Schroeder, W. (2017, October 30). A Guide to Attacking Domain Trusts. Retrieved February 14, 2019.
  1. Elovitz, S. & Ahl, I. (2016, August 18). Know Your Enemy: New Financially-Motivated & Spear-Phishing Group. Retrieved February 26, 2018.
  2. Dantzig, M. v., Schamper, E. (2019, December 19). Operation Wocao: Shining a light on one of China’s hidden hacking groups. Retrieved October 8, 2020.