Uncommon net group execution

Description

The 'net group' command is used to add, display, or modify domain-level groups. Adversaries may attempt to use the command to find domain-level groups and permissions settings or modify domain-level group memberships.

Attacker's Goals

Attackers may attempt to use the command to find domain-level groups and permissions settings or modify domain-level group memberships.

Investigative Actions

  • Check if the queried group is a sensitive one (e.g. administrators).
  • Check whether the initiating process has executed additional discovery commands.

Recommended For You