EXPLORE
Sign In
← Back to Explore
T1615

Group Policy Discovery

Adversaries may gather information on Group Policy settings to identify paths for privilege escalation, security measures applied within a domain, and to discover patterns in domain objects that can be manipulated or used to blend in the environment. Group Policy allows for centralized management of user and computer settings in Active Directory (AD). Group policy objects (GPOs) are containers for group policy settings made up of files stored within a predictable network path `\<DOMAIN>\SYSVOL\<...

Windows
7
Detections
2
Sources
1
Threat Actors

BY SOURCE

5sigma2elastic

PROCEDURES (5)

Process Creation Monitoring3 detections

Auto-extracted: 3 detections for process creation monitoring

Registry Monitoring1 detections

Auto-extracted: 1 detections for registry monitoring

Privilege1 detections

Auto-extracted: 1 detections for privilege

Privilege1 detections

Auto-extracted: 1 detections for privilege

Script Execution Monitoring1 detections

Auto-extracted: 1 detections for script execution monitoring

THREAT ACTORS (1)

Turla

DETECTIONS (7)

Enumeration Command Spawned via WMIPrvSE
elasticlow
Gpresult Display Group Policy Information
sigmamedium
Group Policy Discovery via Microsoft GPResult Utility
elasticlow
HackTool - SharpUp PrivEsc Tool Execution
sigmacritical
Potential Reconnaissance Activity Via GatherNetworkInfo.VBS
sigmamedium
Suspicious GPO Discovery With Get-GPO
sigmalow
Suspicious Reconnaissance Activity Via GatherNetworkInfo.VBS
sigmahigh