Technique Adds

Private Keys
- Find them

DDE
- Reference: https://sensepost.com/blog/2017/macro-less-code-exec-in-msword/

Data Staged

Windows/Credential_Access/Private_Keys.md

@@ -0,0 +1,16 @@
+# Private Keys
+
+MITRE ATT&CK Technique: [T1145](https://attack.mitre.org/wiki/Technique/T1145)
+
+File extensions include: .key, .pgp, .gpg, .ppk., .p12, .pem, pfx, .cer, .p7b, .asc
+
+Input:
+
+Make some files:
+
+echo "ATOMICREDTEAM" > %windir%\cert.key
+      dir C:\Users\(username)\.ssh\
+
+Find files:
+
+      dir c:\ /b /s .key | findstr /e .key