Name | Group Permission Footprinting |
Summary | An adversary exploits functionality meant to provide an authorized user with information about user groups and their permissions on the target system. Knowing which users and permissions are registered on the target system lets the adversary plan further, more targeted malicious behavior. An example Windows command that lists local groups is "net localgroup". |
Prerequisites | The adversary must have gained access to the target system via physical or logical means in order to carry out this attack. |
Solutions | Identify programs (such as "net") that may be used to enumerate local group permissions and block them by using a software restriction policy or tools that restrict program execution by process whitelisting. |
Related Weaknesses |
CWE ID | Description |
CWE-200 | Exposure of Sensitive Information to an Unauthorized Actor |
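
The "identify programs" step in Solutions can be driven from process-creation logs before any block rule is written. The following is an added example, not part of the original entry: it counts "net localgroup" runs per user and parent process so a restriction policy can be scoped without breaking legitimate administration. The record layout, account names and sample events are constructed assumptions; net1.exe is included on the assumption that net.exe launches it to do the work.

```python
import re
from collections import Counter
from ntpath import basename

# Programs to look for. "net" comes from the entry above; net1.exe is added on
# the assumption that net.exe launches it, so blocking net.exe alone is partial.
ENUM_IMAGES = {"net.exe", "net1.exe"}
ENUM_SUBCOMMANDS = {"localgroup"}  # subcommand named in the entry

# First token of a Windows command line: a "quoted path" or a bare word.
_FIRST_TOKEN = re.compile(r'^\s*(?:"([^"]+)"|(\S+))\s*(.*)$', re.S)

def classify(command_line):
    """Return (image, subcommand) if the command line lists groups, else None."""
    m = _FIRST_TOKEN.match(command_line)
    if not m:
        return None
    image = basename(m.group(1) or m.group(2)).lower()
    if not image.endswith(".exe"):
        image += ".exe"  # "net" and "net.exe" resolve to the same program
    args = m.group(3).split()
    if image in ENUM_IMAGES and args and args[0].lower() in ENUM_SUBCOMMANDS:
        return image, args[0].lower()
    return None

def inventory(events):
    """Count group-listing runs per (user, parent, image) to scope a block rule."""
    seen = Counter()
    for user, parent, command_line in events:
        hit = classify(command_line)
        if hit:
            seen[(user, basename(parent).lower(), hit[0])] += 1
    return seen

# Constructed sample records: (user, parent image, command line).
SAMPLE_EVENTS = [
    ("CORP\\helpdesk1", r"C:\Windows\System32\cmd.exe", "net localgroup"),
    ("CORP\\helpdesk1", r"C:\Windows\System32\cmd.exe", "net localgroup"),
    ("CORP\\websvc", r"C:\Windows\System32\inetsrv\w3wp.exe",
     r'"C:\Windows\System32\NET.EXE" LocalGroup Administrators'),
    ("CORP\\websvc", r"C:\Windows\System32\net.exe",
     r"C:\Windows\system32\net1 localgroup Administrators"),
    ("CORP\\helpdesk1", r"C:\Windows\System32\cmd.exe", "net use Z: \\\\fs01\\share"),
    ("CORP\\dev2", r"C:\Windows\System32\cmd.exe", "dotnet localgroup"),
]

if __name__ == "__main__":
    for (user, parent, image), n in sorted(inventory(SAMPLE_EVENTS).items()):
        print(f"{n:>3}  {user:<16} {parent:<10} -> {image} localgroup")
```

Accounts that never appear in the inventory are candidates for the block rule; accounts that do appear need an exception or a replacement workflow first.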