diff --git a/Linux/Defense_Evasion/Hidden_Files_and_Directories.md b/Linux/Defense_Evasion/Hidden_Files_and_Directories.md new file mode 100644 index 00000000..7a9100aa --- /dev/null +++ b/Linux/Defense_Evasion/Hidden_Files_and_Directories.md @@ -0,0 +1,22 @@ +# Hidden Files and Directories + +MITRE ATT&CK Technique: [T1158](https://attack.mitre.org/wiki/Technique/T1158) + +To create visible directories and files + + mkdir visible-directory + echo "this file is visible" > visible-directory/visible-file + + # List the contents the current directory and visible directory + ls + ls visible-directory + + +To create hidden directories and files + + mkdir .hidden-directory + echo "this file is hidden" > .hidden-directory/.hidden-file + + # List the contents the current directory and hidden directory + ls -la + ls -la .hidden-directory \ No newline at end of file diff --git a/Linux/Persistence/Hidden_Files_and_Directories.md b/Linux/Persistence/Hidden_Files_and_Directories.md new file mode 100644 index 00000000..7a9100aa --- /dev/null +++ b/Linux/Persistence/Hidden_Files_and_Directories.md @@ -0,0 +1,22 @@ +# Hidden Files and Directories + +MITRE ATT&CK Technique: [T1158](https://attack.mitre.org/wiki/Technique/T1158) + +To create visible directories and files + + mkdir visible-directory + echo "this file is visible" > visible-directory/visible-file + + # List the contents the current directory and visible directory + ls + ls visible-directory + + +To create hidden directories and files + + mkdir .hidden-directory + echo "this file is hidden" > .hidden-directory/.hidden-file + + # List the contents the current directory and hidden directory + ls -la + ls -la .hidden-directory \ No newline at end of file diff --git a/Linux/README.md b/Linux/README.md index 83e03254..abed12e2 100644 --- a/Linux/README.md +++ b/Linux/README.md @@ -6,9 +6,9 @@ | Bootkit | [Setuid and Setgid](Privilege_Escalation/Setuid_and_Setgid.md) | [Clear Command History](Defense_Evasion/Clear_Command_History.md) | Brute Force | [File and Directory Discovery](Discovery/File_and_Directory_Discovery.md) | Exploitation of Vulnerability | Graphical User Interface | Automated Collection | Data Compressed | Communication Through Removable Media | | [Browser Extensions](Persistence/Browser_Extensions.md)| Sudo | Disabling Security Tools | [Create Account](Credential_Access/Create_Account.md) | [Network Service Scanning](Discovery/Network_Service_Scanning.md) | Remote File Copy | Scripting | [Browser Extensions](Collection/Browser_Extensions.md) | Data Encrypted | Connection Proxy | | [Cron Job](Persistence/Cron_Job.md) | Valid Accounts | Exploitation of Vulnerability | Credentials in Files | Permission Groups Discovery | Remote Services | Source | Clipboard Data | Data Transfer Size Limits | Custom Command and Control Protocol | -| Hidden Files and Directories | Web Shell | File Deletion | Exploitation of Vulnerability | [Process Discovery](Discovery/Process_Discovery.md) | Third-party Software | Space after Filename | Data Staged | [Exfiltration Over Alternative Protocol](Exfiltration/Exfiltration_Over_Alternative_Protocol.md) | Custom Cryptographic Protocol | +| [Hidden Files and Directories](Persistence/Hidden_Files_and_Directories.md) | Web Shell | File Deletion | Exploitation of Vulnerability | [Process Discovery](Discovery/Process_Discovery.md) | Third-party Software | Space after Filename | Data Staged | [Exfiltration Over Alternative Protocol](Exfiltration/Exfiltration_Over_Alternative_Protocol.md) | Custom Cryptographic Protocol | | Rc.common | | [HISTCONTROL](Defense_Evasion/HISTCONTROL.md) | Input Capture | [Remote System Discovery](Discovery/Remote_System_Discovery.md) | | Third-party Software | Data from Local System | Exfiltration Over Command and Control Channel | Data Encoding | -| Redundant Access | | Hidden Files and Directories | Network Sniffing | [System Information Discovery](Discovery/System_Information_Discovery.md) | | [Trap](Execution/Trap.md) | Data from Network Shared Drive | Exfiltration Over Other Network Medium | Data Obfuscation | +| Redundant Access | | [Hidden Files and Directories](Defense_Evasion/Hidden_Files_and_Directories.md) | Network Sniffing | [System Information Discovery](Discovery/System_Information_Discovery.md) | | [Trap](Execution/Trap.md) | Data from Network Shared Drive | Exfiltration Over Other Network Medium | Data Obfuscation | | [Trap](Persistence/Trap.md) | | Indicator Removal from Tools | Private Keys | [System Network Configuration Discovery](Discovery/System_Network_Configuration_Discovery.md) | | | Data from Removable Media | Exfiltration Over Physical Medium | Fallback Channels | | Valid Accounts | | Indicator Removal on Host | Two-Factor Authentication Interception | System Network Connections Discovery | | | Input Capture | Scheduled Transfer | Multi-Stage Channels | | Web Shell | | Install Root Certificate | | System Owner/User Discovery | | | Screen Capture | | Multiband Communication |