search

OTRF / detection-hackathon-apt29

Place for resources used during the Mordor Detection hackathon event featuring APT29 ATT&CK evals datasets
GNU General Public License v3.0
130 stars 41 forks source link

13.C) System Owner/User Discovery #32

Open Cyb3rWard0g opened 4 years ago

Cyb3rWard0g commented 4 years ago

Description

The attacker performs local enumeration using various Windows API calls, specifically gathering current user context (T1033)