Permission Groups Discovery: Domain Groups

Description

Adversaries may attempt to find domain-level groups and permission settings. The knowledge of domain-level permission groups can help adversaries determine which groups exist and which users belong to a particular group. Adversaries may use this information to determine which users have elevated permissions, such as domain administrators.

Products, Sensors, and Dependencies

ProductDependenciesData sourceAccess requiredProtocolData CollectedNotes
Tenable Identity ExposureActive DirectoryStandard AD UserLDAPList of Domain Groups and Memberships
Tenable Vulnerability ManagementAD Start or Identity ScanActive DirectoryAuthenticated AD UserLDAPList of Domain GroupsPlugin ID: 167251

References

LDAP Active Directory - Group Enumeration

Attack Path Technique Details

Framework: MITRE ATT&CK

Family: Discovery

Sub-Technique: Domain Groups

Platform: Windows

Tenable Release Date: 2022 Q2