Which term refers to simulating domain controller behavior to retrieve passwords?

Simulating domain controller behavior to retrieve passwords is describing a technique that exploits the domain replication process to pull credential data from other domain controllers. This method, often used by attackers with enough privileges, uses the same replication channels that legitimate domain controllers rely on to request and obtain password hashes and related credentials from NTDS data. By posing as a domain controller, an attacker can extract password material (such as hashes) for offline cracking without actually promoting a rogue DC into the environment. This approach contrasts with other concepts like DCShadow, which involves introducing a fake DC to intervene in replication and modify AD data, rather than just harvesting credentials. The other terms listed don’t describe this credential-extraction through replication.