T1069 Permission Groups Discovery Mappings

Adversaries may attempt to discover group and permission settings. This information can help adversaries determine which user accounts and groups are available, the membership of users in particular groups, and which users and groups have elevated permissions.

Adversaries may attempt to discover group permission settings in many different ways. This data may provide the adversary with information about the compromised environment that can be used in follow-on activity and targeting.(Citation: CrowdStrike BloodHound April 2018)



Capability ID Capability Description Mapping Type ATT&CK ID ATT&CK Name
DEF-SECA-E3 Security Alerts Technique Scores T1069 Permission Groups Discovery

ATT&CK Subtechniques

Technique ID Technique Name Number of Mappings
T1069.002 Domain Groups 1