Detections
Analytics
Valid Accounts: Domain Accounts
Description
Adversaries may obtain and abuse credentials of a domain account as a means of gaining Initial Access, Persistence, Privilege Escalation, or Defense Evasion.[1] Domain accounts are those managed by Active Directory Domain Services where access and permissions are configured across systems and services that are part of that domain. Domain accounts can cover users, administrators, and services.
Products, Sensors, and Dependencies
| Product | Dependencies | Data source | Access required | Protocol | Data Collected | Notes |
|---|---|---|---|---|---|---|
| Tenable Identity Exposure | Active Directory | Standard AD User | LDAP | List of Domain Computers and Users | ||
| Tenable Vulnerability Management | AD Start or Identity Scan | Active Directory | Authenticated AD User | LDAP | List of Domain Users | Plugin ID: 167250 |
| Tenable Vulnerability Management | AD Start or Identity Scan | Active Directory | Authenticated AD User | LDAP | List of Domain Groups | Plugin ID: 167251 |
References
Attack Path Technique Details
Framework: MITRE ATT&CK
Family: Defense Evasion, Persistence, Privilege Escalation, Initial Access
Technique: Valid Accounts
Sub-Technique: Domain Accounts
Platform: Windows
Products Required: Tenable Identity Exposure or Tenable Vulnerability Management
Tenable Release Date: 2022 Q2