⚠
BowTie Risk
Assessments
Hazards
Library
Implementations
Guide
← Back
Edit Threat
Name
Category
Tags
(comma-separated)
Description
An adversary may add additional local or domain groups to an adversary-controlled account to maintain persistent access to a system or domain. On Windows, accounts may use the net localgroup and net group commands to add existing users to local and domain groups. On Linux, adversaries may use the usermod command for the same purpose. For example, accounts may be added to the local administrators group on Windows devices to maintain elevated privileges. They may also be added to the Remote Deskto
Save changes
Cancel