CAPEC-576: Group Permission Footprinting

Abstraction: Standard
Status: Stable
Likelihood: Low
Severity: Low

Description

An adversary exploits functionality meant to provide an authorized user with information about user groups and their permissions on the target system. Knowing which users and permissions are registered on the target system lets the adversary plan further, more targeted malicious behavior. An example Windows command that lists local groups is "net localgroup".

Related weaknesses · 1

CWE-200

MITRE ATT&CK crosswalk · 2

T1069: Permission Groups Discovery
T1615: Group Policy Discovery

Related attack patterns · 1

CAPEC-169 (ChildOf)

Exploits · 1

| Type | Target | Confidence | Tier |
|---|---|---|---|
| Weakness | Exposure of Sensitive Information to an Unauthorized Actor (cwe-200) | 100% | live |

Related to · 2

| Type | Target | Confidence | Tier |
|---|---|---|---|
| Technique | Group Policy Discovery (t1615) | 100% | live |
| Technique | Permission Groups Discovery (t1069) | 100% | live |

Related by meaning · 6

Nearest entities by semantic similarity across the cs-graph corpus.

CAPEC: Account Footprinting
CAPEC: Process Footprinting
CAPEC: Services Footprinting
Sub-technique: Local Groups
CAPEC: Owner Footprinting
Sub-technique: Domain Groups

Sourced from MITRE CAPEC. Curated by Adam Lundqvist, SQUR.