Get-ADUser Enumeration Using UserAccountControl Flags (96c982fe-3d08-4df4-bed2-eb14e02f21c8)
Detects AS-REP roasting is an attack that is often-overlooked. It is not very common as you have to explicitly set accounts that do not require pre-authentication.
| Cluster A | Galaxy A | Cluster B | Galaxy B | Level |
|---|---|---|---|---|
| System Owner/User Discovery - T1033 (03d7999c-1f4c-42cc-8373-e7690d318104) | Attack Pattern | Get-ADUser Enumeration Using UserAccountControl Flags (96c982fe-3d08-4df4-bed2-eb14e02f21c8) | Sigma-Rules | 1 |