Home > CAPEC List > CAPEC-577: Owner Footprinting (Version 2.11)  

CAPEC-577: Owner Footprinting

Owner Footprinting
Definition in a New Window Definition in a New Window
Attack Pattern ID: 577
Abstraction: Detailed
Status: Draft
Completeness: Stub
Presentation Filter:
+ Summary

Adversaries may attempt to identify the primary users of the system. They may do this, for example, by reviewing logins or file modification times. An example Windows command that may accomplish this is "dir /A ntuser.dat". Which will display the last modified time of a user's ntuser.dat file when run within the root folder of a user. This time is synonymous with the last time that user was logged in. Administrator permissions are required to view the home folder of other users.

+ Solutions and Mitigations

Ensure that proper permissions on files and folders are enacted to limit accessibility.

+ References
[R.577.1] ATT&CK Project. "Owner/user enumeration (1033)". MITRE. <https://attack.mitre.org/wiki/Owner/user_enumeration>.
+ Content History
CAPEC Content TeamThe MITRE Corporation2015-11-09Internal_CAPEC_Team

More information is available — Please select a different filter.
Page Last Updated or Reviewed: August 04, 2017