| ID | Name |
|---|---|
| ATAGS-T1146.001 | Local Groups |
| ATAGS-T1146.002 | Domain Groups |
| ATAGS-T1146.003 | Cloud Groups |
Threat Actors may attempt to find local system groups and permission settings. The knowledge of local system permission groups can help Threat Actors determine which groups exist and which users belong to a particular group. Threat Actors may use this information to determine which users have elevated permissions, such as the users found within the local administrators group.
This type of attack technique cannot be easily mitigated with preventive controls since it is based on the abuse of system features.