atomic-red-team/atomics/T1069/T1069.md
2019-09-17 19:09:17 +00:00

T1069 - Permission Groups Discovery

Description from ATT&CK

Adversaries may attempt to find local system or domain-level groups and permissions settings.

Windows

Examples of commands that can list groups are net group /domain and net localgroup using the Net utility.

Mac

On Mac, the same thing can be accomplished with dscacheutil -q group for the domain, or dscl . -list /Groups for local groups.

Linux

On Linux, local groups can be enumerated with the groups command and domain groups via the ldapsearch command.

Atomic Tests


Atomic Test #1 - Elevated group enumeration using net group

Runs the 'net group' command, including command aliases and loose typing, to simulate enumeration/discovery of high-value domain groups.

Supported Platforms: Windows

Run it with command_prompt!

net group /domai "Domain Admins"
net groups "Account Operators" /doma
net groups "Exchange Organization Management" /doma
net group "BUILTIN\Backup Operators" /doma
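
An added example (not part of Atomic Red Team) of the detection-side matching this test is meant to exercise: it normalizes the net groups alias and abbreviated /domain switches before checking for the group names listed above. The function names, the severity ranking, and the rule that /do and any longer prefix counts as /domain are assumptions of this example.

```python
import re

# Group names copied from the atomic test above; extend for your environment.
HIGH_VALUE_GROUPS = {
    "domain admins", "account operators",
    "exchange organization management", "builtin\\backup operators",
}
NET_BINARIES = {"net", "net.exe", "net1", "net1.exe"}
GROUP_VERBS = {"group", "groups", "localgroup"}  # "groups" is the alias the test uses
# Assumption: any prefix of /domain from /do upward counts as the domain switch.
DOMAIN_SWITCH = re.compile(r"/do(m(a(i(n)?)?)?)?", re.IGNORECASE)
# A token is a double-quoted run, a single-quoted run, or a run of non-spaces.
TOKEN = re.compile(r'"[^"]*"|\'[^\']*\'|\S+')

def classify(cmdline):
    """Return None, or a dict describing a net group enumeration command line."""
    tokens = [t.strip("\"'") for t in TOKEN.findall(cmdline)]
    if len(tokens) < 2:
        return None
    binary = tokens[0].replace("/", "\\").rsplit("\\", 1)[-1].lower()
    verb = tokens[1].lower()
    if binary not in NET_BINARIES or verb not in GROUP_VERBS:
        return None
    args = tokens[2:]
    names = {a.lower() for a in args if not a.startswith("/")}
    return {
        "verb": verb,
        "domain": any(DOMAIN_SWITCH.fullmatch(a) for a in args),
        "high_value": sorted(names & HIGH_VALUE_GROUPS),
    }

def severity(cmdline):
    """Rank a command line: none, low, medium (local scope) or high (domain scope)."""
    hit = classify(cmdline)
    if hit is None:
        return "none"
    if not hit["high_value"]:
        return "low"
    return "high" if hit["domain"] else "medium"

if __name__ == "__main__":
    samples = [  # constructed command lines, as a process-creation log records them
        'net group /domai "Domain Admins"',
        "net groups 'Account Operators' /doma",
        r'C:\Windows\System32\net1.exe group "BUILTIN\Backup Operators" /doma',
        r"net use Z: \\fileserver\share",
    ]
    for line in samples:
        print(f"{severity(line):6} {line}")
```

Matching on the exact string "net group ... /domain" would miss every command line in this test, which is why the switch and verb are normalized before comparison.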