Merge pull request #288 from swelcher/T1049

Added T1049 System Network Connections Discovery
2018-07-06 13:54:27 -06:00
parent e50fe48294 e61f02b119
commit 6d1279ccd9
1 changed files with 44 additions and 0 deletions
@@ -0,0 +1,44 @@
+---
+attack_technique: T1049
+display_name: System Network Connections Discovery
+
+atomic_tests:
+- name: System Network Connections Discovery
+  description: |
+    Get a listing of network connections.
+
+  supported_platforms:
+    - windows
+
+  executor:
+    name: command_prompt
+    command: |
+      netstat
+      net use
+      net sessions
+
+- name: System Network Connections Discovery with PowerShell
+  description: |
+    Get a listing of network connections.
+
+  supported_platforms:
+    - windows
+
+  executor:
+    name: powershell
+    command: |
+      Get-NetTCPConnection
+
+- name: System Network Connections Discovery Linux & MacOS
+  description: |
+    Get a listing of network connections.
+
+  supported_platforms:
+    - linux
+    - macos
+
+  executor:
+    name: sh
+    command: |
+      netstat
+      who -a