security-tools/atomic-red-team
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
75c332ac528e48d360f6dcfdbfbb258bc7ba6baf
atomic-red-team/atomics/T1069/T1069.md
T
CircleCI Atomic Red Team doc generator 75c332ac52 Generate docs from job=validate_atomics_generate_docs branch=master
2019-08-29 22:18:28 +00:00

1.9 KiB
Raw Blame History

T1069 - Permission Groups Discovery

Description from ATT&CK

Adversaries may attempt to find local system or domain-level groups and permissions settings.

Windows

Examples of commands that can list groups are net group /domain and net localgroup using the Net utility.

Mac

On Mac, this same thing can be accomplished with the dscacheutil -q group for the domain, or dscl . -list /Groups for local groups.

Linux

On Linux, local groups can be enumerated with the groups command and domain groups via the ldapsearch command.

Atomic Tests


Atomic Test #1 - Permission Groups Discovery

Permission Groups Discovery

Supported Platforms: macOS, Linux

Run it with sh! ```

dscacheutil -q group dscl . -list /Groups groups

<br/>
<br/>

## Atomic Test #2 - Permission Groups Discovery Windows
Permission Groups Discovery for Windows

**Supported Platforms:** Windows


#### Run it with `command_prompt`! ```
net localgroup
net group /domain


Atomic Test #3 - Permission Groups Discovery PowerShell

Permission Groups Discovery utilizing PowerShell

Supported Platforms: Windows

Inputs

Name Description Type Default Value
user User to identify what groups a user is a member of string administrator

Run it with powershell! ```

get-localgroup get-ADPrinicipalGroupMembership #{user} | select name

<br/>
Reference in New Issue View Git Blame Copy Permalink