Explore Python for MITRE ATT&CK account and directory discovery

The MITRE ATT&CK framework breaks the lifecycle of a cyberattack into a series of tactics, the goals an attacker may need to achieve. For each tactic, the framework lists several techniques an attacker may use to achieve it.

An attacker with access to a target environment needs information about that environment to achieve their end goals. In many cases, this information is only available once they are inside the environment because firewalls and other defenses limit the information accessible from the outside. For this reason, an attacker may need to perform discovery to collect the intelligence needed to plan the remainder of their campaign.

Introduction to account discovery

Digital systems use the concept of accounts to manage identities and access. Every user of a system, and every application that runs on it, has an account that describes its access and privileges on that system.

Information about these accounts can be invaluable to an attacker. Account information can help to determine the accounts that have the access and privileges needed to achieve the next step of the attack or which accounts might be worth compromising as a persistence mechanism.
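To make this concrete from the defender's side, the following added example (not code from the original article) parses constructed /etc/passwd-style records and reports what an attacker's account discovery would single out on a *nix host: UID 0 accounts and accounts that can log in interactively. Those are the accounts a defender should review first; the parser can be pointed at a real passwd file for that audit.

```python
# Added example (not from the original article): a defender's audit of *nix
# account records in /etc/passwd format (name:pw:uid:gid:gecos:home:shell).
# The sample records below are constructed for the demonstration.
from dataclasses import dataclass

SAMPLE_PASSWD = """\
root:x:0:0:root:/root:/bin/bash
daemon:x:1:1:daemon:/usr/sbin:/usr/sbin/nologin
backup-admin:x:0:0:legacy admin:/home/backup-admin:/bin/sh
alice:x:1000:1000:Alice:/home/alice:/bin/zsh
svc-deploy:x:1001:1001:deploy service:/var/lib/deploy:/bin/false
"""

# Shells that deny an interactive login; anything else counts as interactive.
NON_INTERACTIVE_SHELLS = {"/usr/sbin/nologin", "/sbin/nologin", "/bin/false"}


@dataclass(frozen=True)
class Account:
    name: str
    uid: int
    shell: str

    @property
    def is_superuser(self) -> bool:
        return self.uid == 0  # any UID 0 account is root-equivalent, not just "root"

    @property
    def is_interactive(self) -> bool:
        return self.shell not in NON_INTERACTIVE_SHELLS


def parse_passwd(text: str) -> list[Account]:
    """Parse passwd-format text, skipping blank, comment and malformed lines."""
    accounts = []
    for line in text.splitlines():
        if not line.strip() or line.startswith("#"):
            continue
        fields = line.split(":")
        if len(fields) != 7 or not fields[2].isdigit():
            continue  # malformed record: skip it rather than abort the audit
        accounts.append(Account(fields[0], int(fields[2]), fields[6]))
    return accounts


def find_high_value_accounts(accounts: list[Account]) -> dict[str, list[str]]:
    """Names of UID 0 accounts and of accounts with an interactive shell."""
    return {
        "superuser": [a.name for a in accounts if a.is_superuser],
        "interactive": [a.name for a in accounts if a.is_interactive],
    }
```

Run against the sample, the audit flags the second UID 0 account (backup-admin) that a name-only review of "root" would miss.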

User account discovery

Both Windows and *nix operating systems assign

