User Discovery And Export Via Get-ADUser Cmdlet - PowerShell

Rule Info

Id
c2993223-6da8-4b1a-88ee-668b8bf315e9
Author
Nasreddine Bencherchali
Name
User Discovery And Export Via Get-ADUser Cmdlet - PowerShell
Tags
attack.discovery DEMO attack.t1033
Date
2022-11-17 00:00:00
Modified
None
Description
Detects usage of the Get-ADUser cmdlet to collect user information and output it to a file
Type
Community Rule

Rule History

Author
Date
Commit
Title
Nasreddine Bencherchali
2022-11-18
Rule Dev
Nasreddine Bencherchali
2022-11-17
fix: update selection
Nasreddine Bencherchali
2022-11-17
feat: add another case to the selection
Nasreddine Bencherchali
2022-11-11
fix: apply suggestions from code review
Nasreddine Bencherchali
2022-11-10
fix: update rules with more cases
frack113
2022-10-28
order yaml
Florian Roth
2022-09-10
Update proc_creation_win_user_discovery_get_aduser.yml
nasreddine.bencherchali@nextron-systems.com
2022-09-09
Update proc_creation_win_user_discovery_get_aduser.yml
nasreddine.bencherchali@nextron-systems.com
2022-09-09
Big Update