security-tools/atomic-red-team
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
cfa399357b4ecc0d893ceeebac4e4e1adfbbae0f
atomic-red-team/Windows/Discovery/System Owner-User Discovery.md
T
Michael Haag 87743faf73 Discovery 
+ Added a Discovery bat file to run all the things at once. Generally, none of this activity is deemed "evil" as it is recon activity. Seeing it all run at once should be suspect to anyone.
+ Updates to two discovery files.
2017-10-12 10:35:44 -07:00

357 B
Raw Blame History

System Owner/User Discovery

MITRE ATT&CK Technique: T1018

cmd.exe

"cmd.exe" /C whoami

wmic.exe

wmic useraccount get /ALL

quser

Remote:

quser /SERVER:"<computername>"

Local:

quser

qwinsta

Remote:

qwinsta.exe" /server:<computername>

Local:

qwinsta.exe
Reference in New Issue View Git Blame Copy Permalink