T1087
Adversaries may attempt to get a listing of local system or domain accounts.
Adding it as PBA:
- LINUX: copy contents of /etc/passwd by using grep along with it in order to display only user accounts (i.e. those with UID > 1000) in the report (?)
- WINDOWS: copy user details - follow this
Mapping the technique to the ATT&CK matrix
T1087
Adversaries may attempt to get a listing of local system or domain accounts.
Adding it as PBA:
- LINUX: copy contents of
/etc/passwdby usinggrepalong with it in order to display only user accounts (i.e. those with UID > 1000) in the report (?)- WINDOWS: copy user details - follow this
Mapping the technique to the ATT&CK matrix