Skip to content

Hide Navigation Hide TOC

AD Groups Or Users Enumeration Using PowerShell - PoshModule (815bfc17-7fc6-4908-a55e-2f37b98cedb4)

Adversaries may attempt to find domain-level groups and permission settings. The knowledge of domain-level permission groups can help adversaries determine which groups exist and which users belong to a particular group. Adversaries may use this information to determine which users have elevated permissions, such as domain administrators.

Cluster A Galaxy A Cluster B Galaxy B Level
Local Groups - T1069.001 (a01bf75f-00b2-4568-a58f-565ff9bf202b) Attack Pattern AD Groups Or Users Enumeration Using PowerShell - PoshModule (815bfc17-7fc6-4908-a55e-2f37b98cedb4) Sigma-Rules 1
Permission Groups Discovery - T1069 (15dbf668-795c-41e6-8219-f0447c0e64ce) Attack Pattern Local Groups - T1069.001 (a01bf75f-00b2-4568-a58f-565ff9bf202b) Attack Pattern 2