T1069.002SubTechniquediscoveryagent-callable

T1069.002Domain Groups

Sub-technique of T1069

Platforms: Linux · macOS · Windows

ATT&CK version: 14.1

What it is

Adversaries may attempt to find domain-level groups and permission settings. The knowledge of domain-level permission groups can help adversaries determine which groups exist and which users belong to a particular group. Adversaries may use this information to determine which users have elevated permissions, such as domain administrators. Commands such as <code>net group /domain</code> of the [Net](https://attack.mitre.org/software/S0039) utility, <code>dscacheutil -q group</code> on macOS, and <code>ldapsearch</code> on Linux can list domain-level groups.

ATT&CK tactics· 1

Discovery

References

  1. https://attack.mitre.org/techniques/T1069/002
Sourced from MITRE ATT&CK Enterprise v14.1. Curated and contextualized for EU compliance use cases by Adam Lundqvist, Founder at SQUR.