-
Notifications
You must be signed in to change notification settings - Fork 86
GroupMembers
Tony Phipps edited this page Mar 16, 2018
·
4 revisions
Tactic: Defense Evasion, Persistence, Privilege Escalation
- Select Name, GroupName, GroupDescription; aggregate
Look for suspicious account behavior across systems that share accounts, either user, admin, or service accounts.
Perform regular audits of domain and local system accounts to detect accounts that may have been created by an adversary for persistence.