Tag

Account-Manipulation

4 briefs RSS

Google Workspace Admin Role Assigned to a User or Group

Adversaries leverage the assignment of administrative roles within Google Workspace to an existing or new user/group, establishing persistence and escalating privileges to gain broad control over the tenant, including bypassing single sign-on.

Google Workspace cloud-security google-workspace persistence privilege-escalation account-manipulation saas-security

2r 2t 2d ago

medium advisory

Account Configured with Never-Expiring Password

2 rules 1 TTP

Detects the creation and modification of an account with the 'Don't Expire Password' option enabled, which attackers can abuse to persist in the domain and maintain long-term access.

Active Directory persistence windows account-manipulation

2r 1t Jan 3, 2024

medium advisory

Spike in Active Directory User Modification Activity

2 rules 1 TTP

Detects an increase in modifications to AD user objects, which may indicate unauthorized access, impaired defenses, or persistence establishment.

Splunk Enterprise +2 account-manipulation persistence windows

2r 1t Jan 3, 2024

high advisory

Azure AD Account Created and Deleted Within a Close Time Frame

2 rules 3 TTPs

Detection of Azure Active Directory accounts that are created and deleted within a short timeframe, potentially indicating malicious activity such as privilege escalation or persistence attempts.

Azure Active Directory privilege-escalation persistence initial-access stealth account-manipulation

2r 3t Jan 2, 2024