CAPEC-576: Group Permission Footprinting (Version 2.11)

Attack Pattern ID: 576
Abstraction: Detailed
Status: Draft
Completeness: Stub
+ Summary

Adversaries may get a listing of all local groups and their permissions and members. An example Windows command which can list local groups is "net localgroup".

+ Solutions and Mitigations

Identify programs (such as "net") that may be used to enumerate local group permissions, and block them by using a software restriction policy or tools that restrict program execution by process whitelisting.
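
One way to express this mitigation, as an added example that is not part of the CAPEC entry: a PowerShell script that builds AppLocker deny rules for the "net" binaries and checks them with `Test-AppLockerPolicy` before anything is applied. Assumptions: AppLocker is the chosen restriction tool, the rules target Everyone (S-1-1-0), the collection starts in audit mode, the output file name `deny-net.xml` is arbitrary, and `net1.exe` is included because `net.exe` hands most subcommands to it.

```powershell
# Added example (not from the CAPEC entry): AppLocker deny rules for the
# binaries named in the mitigation, tested offline before deployment.

$sid     = 'S-1-1-0'   # assumption: Everyone; narrow to a group SID as needed
$targets = '%SYSTEM32%\net.exe', '%SYSTEM32%\net1.exe'   # %SYSTEM32% also covers SysWOW64

# One FilePathRule per binary, each with its own GUID.
$rules = foreach ($path in $targets) {
    $name = "Deny $(Split-Path $path -Leaf)"
@"
    <FilePathRule Id="$([guid]::NewGuid())" Name="$name" Description="CAPEC-576 mitigation" UserOrGroupSid="$sid" Action="Deny">
      <Conditions>
        <FilePathCondition Path="$path" />
      </Conditions>
    </FilePathRule>
"@
}

# AuditOnly logs matches without blocking, so the impact can be reviewed first.
$policy = @"
<AppLockerPolicy Version="1">
  <RuleCollection Type="Exe" EnforcementMode="AuditOnly">
$($rules -join "`n")
  </RuleCollection>
</AppLockerPolicy>
"@

$xmlPath = Join-Path $env:TEMP 'deny-net.xml'
Set-Content -Path $xmlPath -Value $policy -Encoding UTF8

# Evaluate the policy file against real paths without applying it.
$probe = 'net.exe', 'net1.exe', 'notepad.exe' |
    ForEach-Object { Join-Path "$env:SystemRoot\System32" $_ }

Test-AppLockerPolicy -XmlPolicy $xmlPath -Path $probe -User Everyone |
    Format-Table FilePath, PolicyDecision, MatchingRule -AutoSize
```

Once an AppLocker rule collection contains any rule, files that match no allow rule are blocked when the collection is enforced, so these deny rules belong in a policy that already carries the organisation's allow rules (for example via `Set-AppLockerPolicy -XmlPolicy $xmlPath -Merge`).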

+ References
[R.576.1] ATT&CK Project. "Group permissions enumeration (1069)". MITRE. <https://attack.mitre.org/wiki/Group_permissions_enumeration>.
+ Content History
CAPEC Content Team, The MITRE Corporation, 2015-11-09, Internal_CAPEC_Team

Page Last Updated or Reviewed: August 04, 2017