Skip to content
New issue

Have a question about this project? # for a free GitHub account to open an issue and contact its maintainers and the community.

#

By clicking “#”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? # to your account

Jump to bottom

Added TTP TA0007 Discovery: T1087.001 Local Account #50

Merged
merged 5 commits into from
Aug 31, 2023
Merged

Added TTP TA0007 Discovery: T1087.001 Local Account #50

merged 5 commits into from
Aug 31, 2023

Conversation

sw8y
Copy link
Contributor

@sw8y sw8y commented Aug 31, 2023
edited
Loading

Proposed Changes

Added MITRE ATT&CK TTP for Account Discovery.

Tactic: TA0007 Discovery
Techniques: T1087 Account Discovery
Subtechniques: T1087.001 Local Account
This TTP leverages the Directory Service Command Line (DSCL) utility to pull a list of local user accounts on MacOS.

Related Issue(s)
No issues to report from this change. Simply adding another TTP to this repository.

Testing
Identified the command and syntax needed to pull local user accounts from MacOS.
Ran the command locally to confirm that user accounts are being printed as expected.
Added the "list_local_users" folder within the "macOS" parent folder.
Added the "list_local_users.yaml" file under the "list_local_users" folder.
Added the command to print user account names: "dscl . list /Users | grep -v “^_”"
Ran the YAML file locally and confirmed that user accounts are being printed and no issues arise.

Documentation
No documentation updates have been made.

Screenshots/GIFs (optional)

Not applicable.

Checklist

  • Ran mage runprecommit locally and fixed any issues that arose.
  • Curated your commit(s) so they are legible and easy to read and understand.
  • 🚀

@l50 l50 enabled auto-merge (squash) August 31, 2023 04:54
auto-merge was automatically disabled August 31, 2023 04:56

Head branch was pushed to by a user without write access

@l50 l50 enabled auto-merge (squash) August 31, 2023 05:14
l50
l50 approved these changes Aug 31, 2023
View reviewed changes
Copy link
Contributor

@l50 l50 left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Looks good to me, thank you so much for the new TTP and the correction to the previous one!

@l50 l50 merged commit 174f7b1 into facebookincubator:main Aug 31, 2023
# for free to join this conversation on GitHub. Already have an account? # to comment
Reviewers

@l50 l50 l50 approved these changes

@CrimsonK1ng CrimsonK1ng Awaiting requested review from CrimsonK1ng CrimsonK1ng is a code owner

@d3sch41n d3sch41n Awaiting requested review from d3sch41n d3sch41n is a code owner

Assignees
No one assigned
Labels
cla signed
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
3 participants
@sw8y @l50 @facebook-github-bot