esentutl
esentutl is a command-line tool that provides database utilities for the Windows Extensible Storage Engine.[1]
ID: S0404
Associated Software: esentutl.exe
Type: TOOL
Platforms: Windows
Contributors: Matthew Demaske, Adaptforward
Version: 1.1
Created: 03 September 2019
Last Modified: 20 March 2020
Techniques Used
Domain | ID | Name | Use |
---|---|---|---|
Enterprise | T1564.004 | Hide Artifacts: NTFS File Attributes | esentutl can be used to read and write alternate data streams.[2] |
Enterprise | T1105 | Ingress Tool Transfer | |
Enterprise | T1570 | Lateral Tool Transfer | esentutl can be used to copy files to/from a remote share.[2] |
Enterprise | T1003.003 | OS Credential Dumping: NTDS | esentutl can use Volume Shadow Copy to copy locked files such as ntds.dit.[2][3] |
Groups That Use This Software
ID | Name | References |
---|---|---|
G0045 | menuPass | |
References