MITRE ATT&CK detection coverage

← Back to main site

Home/ MITRE Matrix/ Discovery/ T1033

T1033System Owner/User Discovery

T1033 — System Owner/User Discovery is a MITRE ATT&CK technique in the Discovery tactic. Clankerusecase tracks 16 detection use cases covering it and 1 threat-intel article citing it.

Discovery

View on the matrix → Filter Detection Library MITRE official spec ↗

16Use cases

1Articles

0Sub-techniques

1Tactic

Use cases covering this technique (16)

Check Elevated CMD using whoami ESCU actions · alerting P GetCurrent User with PowerShell ESCU actions · hunting P GetCurrent User with PowerShell Script Block ESCU actions · hunting P Linux Auditd Whoami User Discovery ESCU actions · hunting P System User Discovery With Query ESCU actions · hunting P System User Discovery With Whoami ESCU actions · hunting P User Discovery With Env Vars PowerShell ESCU actions · hunting P User Discovery With Env Vars PowerShell Script Block ESCU actions · hunting P Windows Common Abused Cmd Shell Risk Behavior ESCU actions · alerting P Windows System Discovery Using ldap Nslookup ESCU actions · hunting P Windows System Discovery Using Qwinsta ESCU actions · hunting P Windows System Remote Discovery With Query ESCU actions · hunting P Windows System User Discovery Via Quser ESCU actions · hunting P Windows System User Privilege Discovery ESCU actions · hunting P Windows WinPEAS PowerShell Script Execution ESCU actions · alerting P [LLM] Python process spawning shell with TeamPCP recon chain (hostname; whoami; uname; ip addr fallback) Bespoke actions · alerting DSΣPDDCS

Articles citing this technique (1)

crit litellm: Credential Stealer Hidden in PyPI Wheel art-423