Class Central is learner-supported. When you buy through links on our site, we may earn an affiliate commission.

Cybrary

User Discovery

via Cybrary

Overview

Adversaries will attempt to identify the system owner and perform user discovery in support of the overall Discovery tactic. They may do this by pulling account usernames or using credential dumping. They will search for process ownership, directory ownership, and other important information that is available in system logs. By learning who target users are and what their capabilities may be, attackers can plan their next steps. Threat actors like FIN10 have been known to use Meterpreter to enumerate users on remote systems.

It is important to be able to detect this type of activity because mitigating it is difficult, given that it involves abusing normal system features.

Get the hands-on skills you need to detect and mitigate this attack in Cybrary's MITRE ATT&CK Framework courses aligned to the tactics and techniques used by the financially motivated threat group FIN10. Prevent adversaries from accomplishing the tactic of Discovery in your environment today.

What will I be able to accomplish after taking these courses?

  • You will be able to identify and validate critical threats related to threat actor attempts to exfiltrate your organization’s valuable data and potentially attempt to extort your organization for financial gain.
  • You will be able to use a SIEM tool to identify indicators of compromise and validate whether they should be investigated further.
  • You will learn response and mitigation recommendations to keep your organization safe.

What are the prerequisites for these courses?

  • Intermediate-level knowledge of defensive security is required. You should have some experience as a security engineer, SOC or security analyst, or similar role.
  • Familiarity with using a SIEM tool, like Splunk or ELK is strongly recommended.
  • Experience using command-line tools is required.
  • Cybrary's MITRE ATT&CK Defender (MAD) ATT&CK Fundamentals Course is recommended.
  • A basic understanding of offensive security is beneficial. Those who have taken our Offensive Penetration Testing course or our OWASP Top Ten series of courses will be well prepared in this area.

Syllabus

  • User Discovery
    • What is User Discovery?
    • Hands-On Detection (Lab)

Taught by

Matthew Mullins and Owen Dubiel

Reviews

Start your review of User Discovery

Never Stop Learning.

Get personalized course recommendations, track subjects and courses with reminders, and more.

Someone learning on their laptop while sitting on the floor.