From a1b6ab49f4b01f9dda000068cf23622dd475a26a Mon Sep 17 00:00:00 2001
From: infosecB <infosecb@infosecb.com>
Date: Tue, 9 Apr 2024 20:21:24 -0400
Subject: [PATCH] Update defaults - Add Jamf Connect Active Directory user info

---
 LOOBins/defaults.yml | 5 +++++
 1 file changed, 5 insertions(+)

diff --git a/LOOBins/defaults.yml b/LOOBins/defaults.yml
index 5d33489..82ce8bb 100644
--- a/LOOBins/defaults.yml
+++ b/LOOBins/defaults.yml
@@ -21,6 +21,11 @@ example_use_cases:
   code: sudo defaults write /Library/Preferences/com.apple.loginwindow LoginHook gain_persistence.sh
   tactics:
   - Persistence
+- name: Get Active Directory user info from Jamf Connect
+  description: Retrieve Active Directory user info from Jamf Connect defaults configuration.
+  code: defaults read com.jamf.connect.state
+  tactics:
+  - Discovery
 paths:
 - /usr/bin/defaults
 detections: