![Back to home Valhalla Logo](/static/valhalla-logo.png)
Rule Info
Name
Group Membership Reconnaissance Via Whoami.EXE
Author
Nasreddine Bencherchali (Nextron Systems)
Description
Detects the execution of whoami.exe with the /group command line flag to show group membership for the current user, account type, security identifiers (SID), and attributes.
Date
2023-02-28 00:00:00
Modified
None
Id
bd8b828d-0dca-48e1-8a63-8a58ecf2644f
Tags
attack.discovery attack.t1033 DEMO
Type
Community Rule
Link to Public Repo
Rule History
Author
Title
Date
Commit
github-actions[bot]
chore: promote older rules status from `experimental` to `test` (#4651)
2024-01-01
Qasim Qlf
Update rules/windows/process_creation/proc_creation_win_whoami_priv.yml
2023-02-03