CAPEC-576: Group Permission Footprinting
CAPEC Version: 3.9
Updated: 2023-01-24
Attack Pattern Description
An adversary exploits functionality that is meant to give an authorized user information about user groups and their permissions on the target system. Knowing which users and permissions are registered on the target system lets the adversary plan further, more targeted malicious behavior. An example Windows command that can list local groups is "net localgroup".
Prerequisites
- The adversary must have gained access to the target system via physical or logical means in order to carry out this attack.
Consequences
Scope: Confidentiality
Technical Impact: Other
Scope: Confidentiality, Access Control, Authorization
Technical Impact: Bypass Protection Mechanism
Mitigations
Identify programs (such as "net") that may be used to enumerate local group permissions and block them by using a software restriction policy or tools that restrict program execution by using a process allowlist.
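Before blocking a program such as "net", it helps to know where it is already being run to list groups, so the allowlist rule does not break legitimate administration. The following Python sketch is an added example, not part of the CAPEC entry: it classifies logged Windows command lines as group listing or group modification. The record fields (`host`, `user`, `cmdline`), the `WATCHED` table and the sample events are assumptions constructed for illustration.

```python
import ntpath
import shlex

# Watchlist: program name -> subcommands that list groups. The page names
# "net" and "net localgroup"; extend per environment (assumption).
WATCHED = {"net": {"localgroup"}}
CHANGE_FLAGS = {"/add", "/delete"}  # group edits, not listing


def classify(cmdline):
    """Return 'enumerate', 'modify' or None for one Windows command line."""
    try:
        argv = shlex.split(cmdline, posix=False)  # keeps backslashes intact
    except ValueError:  # unbalanced quote in a logged command line
        argv = cmdline.split()
    if not argv:
        return None
    image = ntpath.basename(argv[0].strip('"')).lower()
    if image.endswith(".exe"):
        image = image[:-4]
    args = [a.strip('"').lower() for a in argv[1:]]
    if not args or args[0] not in WATCHED.get(image, ()):
        return None
    return "modify" if CHANGE_FLAGS & set(args) else "enumerate"


def group_listing_events(events):
    """Return (host, user, cmdline) for every group-listing invocation."""
    return [(e["host"], e["user"], e["cmdline"])
            for e in events if classify(e["cmdline"]) == "enumerate"]


# Constructed process-creation records (not real log data).
SAMPLE_EVENTS = [
    {"host": "ws01", "user": "alice", "cmdline": "net localgroup"},
    {"host": "ws01", "user": "alice",
     "cmdline": '"C:\\Windows\\System32\\NET.EXE" LocalGroup Administrators'},
    {"host": "ws02", "user": "helpdesk",
     "cmdline": "net localgroup Administrators bob /add"},
    {"host": "ws02", "user": "bob", "cmdline": "net use Z: \\\\fs01\\share"},
    {"host": "ws03", "user": "carol", "cmdline": "notepad.exe localgroup.txt"},
]

if __name__ == "__main__":
    for host, user, cmdline in group_listing_events(SAMPLE_EVENTS):
        print(f"{host}\t{user}\t{cmdline}")
```

Accounts that appear in the output and have no administrative role are the ones an allowlist rule for the program would affect without operational cost.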
Taxonomy Mappings
| Taxonomy Name | Entry ID | Entry Name |
|---|---|---|
| ATTACK | 1069 | Permission Groups Discovery |
| ATTACK | 1615 | Group Policy Discovery |