Swelc
54 lines
1004 B
YAML
54 lines
1004 B
YAML
---
|
|
attack_technique: T1069
|
|
display_name: Permission Groups Discovery
|
|
|
|
atomic_tests:
|
|
- name: Permission Groups Discovery
|
|
description: |
|
|
Permission Groups Discovery
|
|
|
|
supported_platforms:
|
|
- macos
|
|
- linux
|
|
|
|
executor:
|
|
name: sh
|
|
command: |
|
|
dscacheutil -q group
|
|
dscl . -list /Groups
|
|
groups
|
|
|
|
- name: Permission Groups Discovery Windows
|
|
description: |
|
|
Permission Groups Discovery for Windows
|
|
|
|
supported_platforms:
|
|
- windows
|
|
|
|
executor:
|
|
name: command_prompt
|
|
command: |
|
|
net localgroup
|
|
net group /domain
|
|
|
|
- name: Permission Groups Discovery PowerShell
|
|
description: |
|
|
Permission Groups Discovery utilizing PowerShell
|
|
|
|
supported_platforms:
|
|
- windows
|
|
|
|
input_arguments:
|
|
user:
|
|
description: User to identify what groups a user is a member of
|
|
type: string
|
|
default: administrator
|
|
|
|
executor:
|
|
name: powershell
|
|
command: |
|
|
get-localgroup
|
|
get-ADPrinicipalGroupMembership #{user} | select name
|
|
|
|
|