Users, Groups and User Profiles

Users, Groups and User Profiles

Description:
The Security Account Manager (SAM) is a database file in Windows operating systems that stores user account information, including usernames and hashed passwords, used for authentication and access control.

Important Information:

• It is a critical component for managing user accounts and security policies.
• Windows Profile is created at the first login.

Registry:

• \System32\config\SAM

Analysis:

• Windows SIDs
• System User S-1-5-18 (Highest User) (Attack likes this user)
• Network User S-1-5-2
• List with SIDs¹

Software: RegRipper (Plugin: samparse, profilelist), RegistryExplorer (EZ)

Reference:

1.https://learn.microsoft.com/en-us/previous-versions/windows/desktop/legacy/bb776892(v=vs.85)