Skip to content

Latest commit

 

History

History
82 lines (48 loc) · 1.94 KB

T1069.md

File metadata and controls

82 lines (48 loc) · 1.94 KB

T1069 - Permission Groups Discovery

Description from ATT&CK

Adversaries may attempt to find local system or domain-level groups and permissions settings.

Windows

Examples of commands that can list groups are net group /domain and net localgroup using the Net utility.

Mac

On Mac, this same thing can be accomplished with the dscacheutil -q group for the domain, or dscl . -list /Groups for local groups.

Linux

On Linux, local groups can be enumerated with the groups command and domain groups via the ldapsearch command.

Atomic Tests


Atomic Test #1 - Permission Groups Discovery

Permission Groups Discovery

Supported Platforms: macOS, Linux

Run it with sh!

dscacheutil -q group
dscl . -list /Groups
groups


Atomic Test #2 - Permission Groups Discovery Windows

Permission Groups Discovery for Windows

Supported Platforms: Windows

Run it with command_prompt!

net localgroup
net group /domain


Atomic Test #3 - Permission Groups Discovery PowerShell

Permission Groups Discovery utilizing PowerShell

Supported Platforms: Windows

Inputs

Name Description Type Default Value
user User to identify what groups a user is a member of string administrator

Run it with powershell!

get-localgroup
get-ADPrinicipalGroupMembership #{user} | select name