Permission Groups Discovery (T1069)
Tactic: Discovery · Platforms: Containers, IaaS, Identity Provider, Linux, macOS, Office Suite, SaaS, Windows
The interactive view maps 1 detection strategy, 6 threat groups, 6 software entries, 1 campaign to this technique, alongside D3FEND countermeasures and data-component coverage.
Overview
Adversaries may attempt to discover group and permission settings. This information can help adversaries determine which user accounts and groups are available, the membership of users in particular groups, and which users and groups have elevated permissions.
Adversaries may attempt to discover group permission settings in many different ways. This data may provide the adversary with information about the compromised environment that can be used in follow-on activity and targeting.