Home/ MITRE Matrix/ Defense Evasion/ T1078.002

T1078.002Domain Accounts

T1078.002 — Domain Accounts is a MITRE ATT&CK technique in the Defense Evasion tactic. Clankerusecase tracks 8 detection use cases covering it and 1 threat-intel article citing it.

Defense EvasionPersistencePrivilege EscalationInitial Access

View on the matrix → Filter Detection Library MITRE official spec ↗

8Use cases

1Articles

0Sub-techniques

4Tactics

↑ Parent technique: T1078 · Valid Accounts

Use cases covering this technique (8)

Detect Excessive Account Lockouts From Endpoint ESCU actions · hunting P Suspicious Computer Account Name Change ESCU actions · alerting P Suspicious Kerberos Service Ticket Request ESCU actions · alerting P Suspicious Ticket Granting Ticket Request ESCU actions · hunting P Windows Group Policy Object Created ESCU actions · alerting P Windows PowerView AD Access Control List Enumeration ESCU actions · alerting P Identify New User Accounts ESCU actions · hunting P [LLM] AD CS certificate request with ENROLLEE_SUPPLIES_SUBJECT flag (ESC1) Bespoke exploit · hunting DSPDDCS

Articles citing this technique (1)

crit Inside AD CS Escalation: Unpacking Advanced Misuse Techniques and Tools art-316