Windows Users Enumeration
Windows User Enumeration is a technique used for various purposes during malicious activity. It plays a key role in reconnaissance by identifying existing user accounts on the system. This information can help attackers:
- Pinpoint potential side-targets on the infected machine
- Facilitate both horizontal and vertical privilege escalation
- Gather detailed user information (e.g., full names or descriptions)
Depending on the privileges of the malware process, impersonate or execute applications as other users.
Windows user enumeration can be performed through various methods, including the use of specific Windows APIs, .NET classes, or native command-line utilities (e.g., net user).
It is uncommon for Remote Access Trojans (RATs) to include a dedicated graphical feature for enumerating Windows users via API calls or command output parsing. Instead, operators typically rely on an available remote shell and prefer to execute native commands or PowerShell scripts to gather user information.
Featured Windows APIs
Associated Code Snippet
| Id | Name | Language | Author | Published Date | 
|---|---|---|---|---|
| 13 | Enumerate Windows Usernames |  Delphi | DarkCoderSc | 6 months ago. | 
Associated Feature
| Feature Name | Dangerousness | Key Categories | 
|---|---|---|
|  System Information Gathering | High | Spy / Surveillance, Lateral Movements, Privilege Escalation |