You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
description: The following analytic leverages Event ID 4104 to identify the execution of the PowerView powershell commandlets `Get-ObjectAcl` and `Get-DomainObjectAcl`. This commandlets
description: The following analytic leverages Event ID 4104 to identify the execution of the PowerView powershell commandlets `Get-ObjectAcl` or `Get-DomainObjectAcl`. This commandlets
are used to enumerate Access Control List permissions given to Active Directory objects. In an active directory environment, an object is an entity that represents an available resource within
the organizations network, such as domain controllers, users, groups, computers, shares, etc. Maintaining Active Directory permissions is complicated and hard to manage, especially in complex
and large environments with multiple domains. Weak permissions may allow adversaries and red teamers to escalate their privileges in Active Directory. PowerView is a common tool leveraged
