Audit users

simondotsh edited this page Oct 27, 2021 · 1 revision

The user auditing feature validates whether the user may call the SamrConnect method on the target.

Why Should I Harden This?

Knowing local groups and their members may help a malicious actor direct their actions. If they learn that a specific user is privileged on a system they would like to gain access to, they can aim to compromise that user through other vectors.

The tool BloodHound leverages this to draw a map of where a user is privileged or can authenticate to. See CollectionMethod, section "LocalGroup".

How To Harden

Configure the security policy setting "Network access: Restrict clients allowed to make remote calls to SAM".
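
One way to review the value this policy produces, as an added example that is not part of the original wiki or the tool it documents: the setting is stored as an SDDL string in the `RestrictRemoteSAM` registry value under `HKLM\SYSTEM\CurrentControlSet\Control\Lsa`, and the script below flags allow ACEs that grant remote access to broad principals. The function names, the list of broad principals and the sample strings are assumptions constructed for illustration.

```python
import re

# SDDL aliases and SIDs of broad principals (assumed, non-exhaustive list).
BROAD = {"WD": "Everyone", "S-1-1-0": "Everyone",
         "AU": "Authenticated Users", "S-1-5-11": "Authenticated Users",
         "AN": "Anonymous Logon", "S-1-5-7": "Anonymous Logon",
         "BU": "Builtin Users", "S-1-5-32-545": "Builtin Users",
         "DU": "Domain Users", "DC": "Domain Computers"}
READ_CONTROL = 0x20000  # the policy's "Remote Access" permission is stored as RC

DACL_RE = re.compile(r"D:[A-Z]*((?:\([^()]*\))+)")
ACE_RE = re.compile(r"\(([^;()]*);[^;()]*;([^;()]*);[^;()]*;[^;()]*;([^;()]*)\)")

def grants_rc(rights):
    """True if the ACE rights field includes READ_CONTROL (alias or hex mask)."""
    if rights.lower().startswith("0x"):
        return bool(int(rights, 16) & READ_CONTROL)
    return "RC" in [rights[i:i + 2] for i in range(0, len(rights), 2)]

def audit_restrict_remote_sam(sddl):
    """Return a list of findings for a RestrictRemoteSAM SDDL string."""
    if not sddl:
        return ["RestrictRemoteSAM not set: the operating system default applies"]
    dacl = DACL_RE.search(sddl)
    if not dacl:
        return ["no DACL found in SDDL string"]
    findings = []
    for ace_type, rights, sid in ACE_RE.findall(dacl.group(1)):
        # Only allow ACEs matter here; deny ACEs restrict access further.
        if ace_type == "A" and grants_rc(rights) and sid in BROAD:
            findings.append(f"remote SAM access allowed for {BROAD[sid]} ({sid})")
    return findings

# Constructed sample values, not taken from any real host.
SAMPLES = [
    "O:BAG:BAD:(A;;RC;;;BA)",                        # administrators only
    "O:BAG:BAD:(A;;RC;;;BA)(A;;RC;;;WD)",            # Everyone added
    "O:BAG:BAD:(A;;RC;;;BA)(A;;0x20000;;;S-1-5-11)", # Authenticated Users by SID
    "O:BAG:BAD:(D;;RC;;;AU)(A;;RC;;;BA)",            # explicit deny, admins allowed
]

if __name__ == "__main__":
    for sample in SAMPLES:
        print(sample, "->", audit_restrict_remote_sam(sample) or "no broad grants")
```

An empty result means no listed broad principal was granted remote access; principals outside the assumed list, such as custom groups, still need manual review.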
