Tag
medium
advisory
User Added to Privileged Group in Active Directory
2 rules 1 TTPAdversaries may add a user to a privileged group in Active Directory, such as Domain Admins, to maintain persistent access and elevate privileges within the domain.
Active Directory
persistence
privilege_escalation
active_directory
2r
1t
low
advisory
Suspicious Access to LDAP Attributes
2 rules 3 TTPsThe rule detects suspicious access to LDAP attributes in Active Directory by identifying read access to a high number of Active Directory object attributes, which can help adversaries find vulnerabilities, elevate privileges, or collect sensitive information.
Active Directory
active_directory
ldap
discovery
windows
2r
3t