Permission Groups Discovery: Local Groups

Description

Adversaries may attempt to find local system groups and permission settings. The knowledge of local system permission groups can help adversaries determine which groups exist and which users belong to a particular group. Adversaries may use this information to determine which users have elevated permissions, such as the users found within the local administrators group.

Products, Sensors, and Dependencies

Product: Tenable.io

Dependencies: Advanced Network Scan

Data source: Windows machines

Access required: Authenticated Scan

Protocol: WMI

Data Collected: List of Local Users, Groups and Memberships

Notes: Plugin ID: 71246

References

Enumerate Local Group Memberships

Attack Path Technique Details

Framework: MITRE ATT&CK

Family: Discovery

Sub-Technique: Local Groups

Platform: Windows

Products Required: Tenable.io

Tenable Release Date: 2022 Q2