Clankerusecase
MITRE ATT&CK detection coverage
 ← Back to main site
Home/ MITRE Matrix/ Discovery/ T1087.002

T1087.002Domain Account

T1087.002 — Domain Account is a MITRE ATT&CK technique in the Discovery tactic. Clankerusecase tracks 30 detection use cases covering it and 1 threat-intel article citing it.

Discovery
View on the matrix → Filter Detection Library MITRE official spec ↗
30Use cases
1Articles
0Sub-techniques
1Tactic
↑ Parent technique: T1087 · Account Discovery

Use cases covering this technique (30)

AdsiSearcher Account Discovery ESCU actions · alerting P Detect AzureHound Command-Line Arguments ESCU actions · alerting P Detect AzureHound File Modifications ESCU actions · alerting P Detect SharpHound Command-Line Arguments ESCU actions · alerting P Detect SharpHound File Modifications ESCU actions · alerting P Detect SharpHound Usage ESCU actions · alerting P Domain Account Discovery with Dsquery ESCU actions · hunting P Domain Account Discovery with Wmic ESCU actions · alerting P Get ADUser with PowerShell ESCU actions · hunting P Get ADUser with PowerShell Script Block ESCU actions · hunting P Get DomainUser with PowerShell ESCU actions · alerting P Get DomainUser with PowerShell Script Block ESCU actions · alerting P GetWmiObject DS User with PowerShell ESCU actions · hunting P GetWmiObject DS User with PowerShell Script Block ESCU actions · alerting P Network Traffic to Active Directory Web Services Protocol ESCU actions · hunting P SchCache Change By App Connect And Create ADSI Object ESCU actions · hunting P Windows AD Abnormal Object Access Activity ESCU actions · hunting P Windows AD Privileged Object Access Activity ESCU actions · alerting P Windows Domain Account Discovery Via Get-NetComputer ESCU actions · hunting P Windows Find Domain Organizational Units with GetDomainOU ESCU actions · alerting P Windows Find Interesting ACL with FindInterestingDomainAcl ESCU actions · alerting P Windows Forest Discovery with GetForestDomain ESCU actions · alerting P Windows Get Local Admin with FindLocalAdminAccess ESCU actions · alerting P Windows Linked Policies In ADSI Discovery ESCU actions · hunting P Windows Root Domain linked policies Discovery ESCU actions · hunting P Windows SOAPHound Binary Execution ESCU actions · alerting P Windows Suspect Process With Authentication Traffic ESCU actions · hunting P Account Discovery With Net App ESCU actions · alerting P Domain Account Discovery With Net App ESCU actions · alerting P [LLM] PAN-OS firewall service account LDAP enumeration of DomainDnsZones Bespoke actions · hunting DSPDD

Articles citing this technique (1)

crit Threat Brief: Exploitation of PAN-OS Captive Portal Zero-Day for Unauthenticated Remote Code Execution art-325