Valid Accounts: Domain Accounts

Description

Adversaries may obtain and abuse credentials of a domain account as a means of gaining Initial Access, Persistence, Privilege Escalation, or Defense Evasion.[1] Domain accounts are those managed by Active Directory Domain Services where access and permissions are configured across systems and services that are part of that domain. Domain accounts can cover users, administrators, and services.

Products, Sensors, and Dependencies

ProductDependenciesData sourceAccess requiredProtocolData CollectedNotes
Tenable Identity ExposureActive DirectoryStandard AD UserLDAPList of Domain Computers and Users
Tenable Vulnerability ManagementAD Start or Identity ScanActive DirectoryAuthenticated AD UserLDAPList of Domain Users Plugin ID: 167250

References

LDAP Active Directory - Person Enumeration

Attack Path Technique Details

Framework: MITRE ATT&CK

Family: Defense Evasion, Persistence, Privilege Escalation, Initial Access

Technique: Valid Accounts

Sub-Technique: Domain Accounts

Platform: Windows

Tenable Release Date: 2022 Q2