From 92d00161597f02aad3d462c818a2ee9004eb629a Mon Sep 17 00:00:00 2001
From: Swelc
Date: Sun, 1 Jul 2018 17:35:37 -0500
Subject: [PATCH 1/2] Added T1049 System Network Connections Discovery

---
 atomics/T1049/T1049.yaml | 50 ++++++++++++++++++++++++++++++++++++++++
 1 file changed, 50 insertions(+)
 create mode 100644 atomics/T1049/T1049.yaml

diff --git a/atomics/T1049/T1049.yaml b/atomics/T1049/T1049.yaml
new file mode 100644
index 00000000..0f5e6d77
--- /dev/null
+++ b/atomics/T1049/T1049.yaml
@@ -0,0 +1,50 @@
+---
+attack_technique: T1049
+display_name: System Network Connections Discovery
+
+atomic_tests:
+- name: System Network Connections Discovery
+ description: |
+ Get a listing of network connections.
+
+ supported_platforms:
+ - windows
+
+ input_arguments:
+ output_file:
+ description: TODO
+ type: todo
+ default: TODO
+
+ executor:
+ name: command_prompt
+ command: |
+ netstat
+ net use
+ net sessions
+
+- name: System Network Connections Discovery with PowerShell
+ description: |
+ Get a listing of network connections.
+
+ supported_platforms:
+ - windows
+
+ executor:
+ name: powershell
+ command: |
+ Get-NetTCPConnection
+
+- name: System Network Connections Discovery Linux & MacOS
+ description: |
+ Get a listing of network connections.
+
+ supported_platforms:
+ - linux
+ - macos
+
+ executor:
+ name: sh
+ command: |
+ netstat
+ who -a
\ No newline at end of file

From e61f02b1192c8a6706b1272d45b93a3b268e51b8 Mon Sep 17 00:00:00 2001
From: Swelc
Date: Tue, 3 Jul 2018 21:00:20 -0500
Subject: [PATCH 2/2] Removed unneeded inputs

---
 atomics/T1049/T1049.yaml | 6 ------
 1 file changed, 6 deletions(-)

diff --git a/atomics/T1049/T1049.yaml b/atomics/T1049/T1049.yaml
index 0f5e6d77..3019f21d 100644
--- a/atomics/T1049/T1049.yaml
+++ b/atomics/T1049/T1049.yaml
@@ -10,12 +10,6 @@ atomic_tests:
 supported_platforms:
 - windows
 
- input_arguments:
- output_file:
- description: TODO
- type: todo
- default: TODO
-
 executor:
 name: command_prompt
 command: |
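Review bot: The `sh` test's description says it lists network connections, but `who -a` reports logged-in users and terminals rather than connections, and `netstat` (net-tools) is no longer installed by default on many current Linux distributions, so the test may fail outright or only partially exercise T1049; the description should state the net-tools dependency or name `ss` as the modern equivalent, and either drop `who -a` or explain why it is included. In the `command_prompt` test, `net sessions` typically needs an elevated prompt to enumerate sessions, and the description does not say so, so a non-admin run can look like a failed execution rather than a permissions issue. Each `description` would be more useful to defenders if it stated the telemetry the test is expected to produce, e.g. `netstat.exe` and `net.exe` spawned from `cmd.exe`, or `Get-NetTCPConnection` in PowerShell script-block logging, so that detection validation is unambiguous. The new file also ends without a trailing newline, which the hunk's `\ No newline at end of file` marker records.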