| Name | Technique | Type |
| --- | --- | --- |
| AdsiSearcher Account Discovery | Domain Account, Account Discovery | TTP |
| Domain Account Discovery with Dsquery | Domain Account, Account Discovery | Hunting |
| Domain Account Discovery With Net App | Domain Account, Account Discovery | TTP |
| Domain Account Discovery with Wmic | Domain Account, Account Discovery | TTP |
| Domain Controller Discovery with Nltest | Remote System Discovery | TTP |
| Domain Controller Discovery with Wmic | Remote System Discovery | Hunting |
| Domain Group Discovery with Adsisearcher | Permission Groups Discovery, Domain Groups | TTP |
| Domain Group Discovery With Dsquery | Permission Groups Discovery, Domain Groups | Hunting |
| Domain Group Discovery With Net | Permission Groups Discovery, Domain Groups | Hunting |
| Domain Group Discovery With Wmic | Permission Groups Discovery, Domain Groups | Hunting |
| DSQuery Domain Discovery | Domain Trust Discovery | TTP |
| Elevated Group Discovery With Net | Permission Groups Discovery, Domain Groups | TTP |
| Elevated Group Discovery with PowerView | Permission Groups Discovery, Domain Groups | Hunting |
| Elevated Group Discovery With Wmic | Permission Groups Discovery, Domain Groups | TTP |
| Get ADDefaultDomainPasswordPolicy with Powershell | Password Policy Discovery | Hunting |
| Get ADDefaultDomainPasswordPolicy with Powershell Script Block | Password Policy Discovery | Hunting |
| Get ADUser with PowerShell | Domain Account, Account Discovery | Hunting |
| Get ADUser with PowerShell Script Block | Domain Account, Account Discovery | Hunting |
| Get ADUserResultantPasswordPolicy with Powershell | Password Policy Discovery | TTP |
| Get ADUserResultantPasswordPolicy with Powershell Script Block | Password Policy Discovery | TTP |
| Get DomainPolicy with Powershell | Password Policy Discovery | TTP |
| Get DomainPolicy with Powershell Script Block | Password Policy Discovery | TTP |
| Get-DomainTrust with PowerShell | Domain Trust Discovery | TTP |
| Get-DomainTrust with PowerShell Script Block | Domain Trust Discovery | TTP |
| Get DomainUser with PowerShell | Domain Account, Account Discovery | TTP |
| Get DomainUser with PowerShell Script Block | Domain Account, Account Discovery | TTP |
| Get-ForestTrust with PowerShell | Domain Trust Discovery | TTP |
| Get-ForestTrust with PowerShell Script Block | Domain Trust Discovery, PowerShell | TTP |
| Get WMIObject Group Discovery | Permission Groups Discovery, Local Groups | Hunting |
| Get WMIObject Group Discovery with Script Block Logging | Permission Groups Discovery, Local Groups | Hunting |
| GetAdComputer with PowerShell | Remote System Discovery | Hunting |
| GetAdComputer with PowerShell Script Block | Remote System Discovery | Hunting |
| GetAdGroup with PowerShell | Permission Groups Discovery, Domain Groups | Hunting |
| GetAdGroup with PowerShell Script Block | Permission Groups Discovery, Domain Groups | Hunting |
| GetCurrent User with PowerShell | System Owner/User Discovery | Hunting |
| GetCurrent User with PowerShell Script Block | System Owner/User Discovery | Hunting |
| GetDomainComputer with PowerShell | Remote System Discovery | TTP |
| GetDomainComputer with PowerShell Script Block | Remote System Discovery | TTP |
| GetDomainController with PowerShell | Remote System Discovery | Hunting |
| GetDomainController with PowerShell Script Block | Remote System Discovery | TTP |
| GetDomainGroup with PowerShell | Permission Groups Discovery, Domain Groups | TTP |
| GetDomainGroup with PowerShell Script Block | Permission Groups Discovery, Domain Groups | TTP |
| GetLocalUser with PowerShell | Account Discovery, Local Account | Hunting |
| GetLocalUser with PowerShell Script Block | Account Discovery, Local Account, PowerShell | Hunting |
| GetNetTcpconnection with PowerShell | System Network Connections Discovery | Hunting |
| GetNetTcpconnection with PowerShell Script Block | System Network Connections Discovery | Hunting |
| GetWmiObject Ds Computer with PowerShell | Remote System Discovery | TTP |
| GetWmiObject Ds Computer with PowerShell Script Block | Remote System Discovery | TTP |
| GetWmiObject Ds Group with PowerShell | Permission Groups Discovery, Domain Groups | TTP |
| GetWmiObject Ds Group with PowerShell Script Block | Permission Groups Discovery, Domain Groups | TTP |
| GetWmiObject DS User with PowerShell | Domain Account, Account Discovery | TTP |
| GetWmiObject DS User with PowerShell Script Block | Domain Account, Account Discovery | TTP |
| GetWmiObject User Account with PowerShell | Account Discovery, Local Account | Hunting |
| GetWmiObject User Account with PowerShell Script Block | Account Discovery, Local Account, PowerShell | Hunting |
| Local Account Discovery with Net | Account Discovery, Local Account | Hunting |
| Local Account Discovery With Wmic | Account Discovery, Local Account | Hunting |
| Net Localgroup Discovery | Permission Groups Discovery, Local Groups | Hunting |
| Network Connection Discovery With Arp | System Network Connections Discovery | Hunting |
| Network Connection Discovery With Net | System Network Connections Discovery | Hunting |
| Network Connection Discovery With Netstat | System Network Connections Discovery | Hunting |
| Network Discovery Using Route Windows App | System Network Configuration Discovery, Internet Connection Discovery | Hunting |
| NLTest Domain Trust Discovery | Domain Trust Discovery | TTP |
| Password Policy Discovery with Net | Password Policy Discovery | Hunting |
| PowerShell Get LocalGroup Discovery | Permission Groups Discovery, Local Groups | Hunting |
| Powershell Get LocalGroup Discovery with Script Block Logging | Permission Groups Discovery, Local Groups | Hunting |
| Remote System Discovery with Adsisearcher | Remote System Discovery | TTP |
| Remote System Discovery with Dsquery | Remote System Discovery | Hunting |
| Remote System Discovery with Net | Remote System Discovery | Hunting |
| Remote System Discovery with Wmic | Remote System Discovery | TTP |
| ServicePrincipalNames Discovery with PowerShell | Kerberoasting | TTP |
| ServicePrincipalNames Discovery with SetSPN | Kerberoasting | TTP |
| System User Discovery With Query | System Owner/User Discovery | Hunting |
| System User Discovery With Whoami | System Owner/User Discovery | Hunting |
| User Discovery With Env Vars PowerShell | System Owner/User Discovery | Hunting |
| User Discovery With Env Vars PowerShell Script Block | System Owner/User Discovery | Hunting |
| Windows AD Abnormal Object Access Activity | Account Discovery, Domain Account | Anomaly |
| Windows AD Privileged Object Access Activity | Account Discovery, Domain Account | TTP |
| Windows File Share Discovery With Powerview | Network Share Discovery | TTP |
| Windows Find Domain Organizational Units with GetDomainOU | Account Discovery, Domain Account | TTP |
| Windows Find Interesting ACL with FindInterestingDomainAcl | Account Discovery, Domain Account | TTP |
| Windows Forest Discovery with GetForestDomain | Account Discovery, Domain Account | TTP |
| Windows Get Local Admin with FindLocalAdminAccess | Account Discovery, Domain Account | TTP |
| Windows Hidden Schedule Task Settings | Scheduled Task/Job | TTP |
| Windows Lateral Tool Transfer RemCom | Lateral Tool Transfer | TTP |
| Windows Linked Policies In ADSI Discovery | Domain Account, Account Discovery | Anomaly |
| Windows Network Share Interaction With Net | Network Share Discovery, Data from Network Shared Drive | TTP |
| Windows PowerView AD Access Control List Enumeration | Domain Accounts, Permission Groups Discovery | TTP |
| Windows Root Domain linked policies Discovery | Domain Account, Account Discovery | Anomaly |
| Windows Service Create RemComSvc | Windows Service, Create or Modify System Process | Anomaly |
| Windows Suspect Process With Authentication Traffic | Account Discovery, Domain Account, User Execution, Malicious File | Anomaly |
| Wmic Group Discovery | Permission Groups Discovery, Local Groups | Hunting |