V
Scaner-VSvulnerability catalog · v4.2
ENRU
T1087.004EnterpriseSub-technique
Matrix: Enterprise
Status: Active
STIX: 19.0
Source ↗

Cloud Account

Adversaries may attempt to get a listing of cloud accounts. Cloud accounts are those created and configured by an organization for use by users, remote support, services, or for administration of resources within a cloud service provider or SaaS application. With authenticated access there are several tools that can be used to find accounts. The Get-MsolRoleMember PowerShell cmdlet can be used to obtain account names given a role or permissions group in Office 365. The Azure CLI (AZ CLI) also provides an interface to obtain user accounts with authenticated access to a domain. The command az ad user list will list all users within a domain. The AWS command aws iam list-users may be used to obtain a list of users in the current account while aws iam list-roles can obtain IAM roles that have a specified path prefix. In GCP, gcloud iam service-accounts list and gcloud projects get-iam-policy may be used to obtain a listing of service accounts and users in a project.

Tactics

Discovery

Parent technique

T1087
Account Discovery

Platforms

IaaSIdentity ProviderOffice SuiteSaaS

Mitigations

M1018
User Account Management
M1047
Audit
Open in catalog with ATT&CK filter →

Related CAPECs

Affected vulnerabilities (Inferred)

View on attack.mitre.org ↗
No matches — refine the filter to see a result.