Working with user profiles
Tags
attack-pattern: Data Credentials - T1589.001 Powershell - T1059.001 Server - T1583.004 Server - T1584.004 Software - T1592.002 Powershell - T1086 Scripting - T1064 Scripting
Show in Graph
Common Information
Type Value
UUID a72c1787-98b4-4ac7-9b68-db372235142c
Fingerprint 880d225102ac879b
Analysis status DONE
Considered CTI value 0
Text language
Published Aug. 9, 2012, 5:28 p.m.
Added to db Jan. 18, 2023, 10:06 p.m.
Last updated Nov. 17, 2024, 10:40 p.m.
Headline >_
Title Working with user profiles
Detected Hints/Tags/Attributes 41/1/20
Source URLs
Redirection Url
Details Source https://p0w3rsh3ll.wordpress.com/2012/08/09/working-with-user-profiles/
URL Provider
Details Provider Source level domain
Details wordpress.com p0w3rsh3ll.wordpress.com
Attributes
Details Type #Events CTI Value
Details Domain 107 
system.management
Details Domain 201 
msdn.microsoft.com
Details Domain 1 
2012sg.poshcode.org
Details Domain 228 
system.io
Details Domain 149 
system.security
Details Domain 150 
www.w3.org
Details Domain 1 
the.admin.email
Details File 193 
ntuser.dat
Details File 46 
automation.ps
Details File 22 
_.ps
Details File 2 
powershell-converting-accountname-to-sid-and-vice-versa.aspx
Details File 41 
system.obj
Details File 2126 
cmd.exe
Details Url 1 
http://msdn.microsoft.com/en-us/library/windows/desktop/ee886409(v=vs.85).aspx
Details Url 1 
http://2012sg.poshcode.org/4825
Details Url 2 
http://thepowershellguy.com/blogs/posh/archive/2007/01/23/powershell-converting-accountname-to-sid-and-vice-versa.aspx
Details Url 8 
http://www.w3.org/tr/xhtml1/dtd/xhtml1-strict.dtd
Details Url 21 
http://www.w3.org/1999/xhtml
Details Windows Registry Key 7 
HKLM\software\microsoft\windows
Details Windows Registry Key 164 
HKLM\SOFTWARE\Microsoft\Windows