Added GUIDs back in
@@ -2,6 +2,7 @@ attack_technique: T1056.001
|
||||
display_name: 'Input Capture: Keylogging'
|
||||
atomic_tests:
|
||||
- name: Input Capture
|
||||
auto_generated_guid: d9b633ca-8efb-45e6-b838-70f595c6ae26
|
||||
description: |
|
||||
Utilize PowerShell and external resource to capture keystrokes
|
||||
[Payload](https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1056.001/src/Get-Keystrokes.ps1)
|
||||
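Review bot: The auto_generated_guid under the "Input Capture" test is restored by hand, and nothing in the commit records where the value d9b633ca-8efb-45e6-b838-70f595c6ae26 came from. The key name says the field is assigned by tooling, and anything that refers to this test by GUID relies on the value staying the same, so please confirm it is the value the test carried before the GUIDs were removed, not a newly generated one. Naming the earlier revision in the commit message would settle it.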
@@ -24,6 +25,7 @@ atomic_tests:
|
||||
name: powershell
|
||||
elevation_required: true
|
||||
- name: Living off the land Terminal Input Capture on Linux with pam.d
|
||||
auto_generated_guid: 9c6bdb34-a89f-4b90-acb1-5970614c711b
|
||||
description: |
|
||||
Pluggable Access Module, which is present on all modern Linux systems, generally contains a library called pam_tty_audit.so which logs all keystrokes for the selected users and sends it to audit.log. All terminal activity on any new logins would then be archived and readable by an adversary with elevated privledges.
|
||||
|
||||
|
||||
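Review bot: The description directly under the restored auto_generated_guid for the pam.d test has wording errors worth fixing while this entry is being touched. PAM stands for "Pluggable Authentication Modules", not "Pluggable Access Module", and "privledges" should be "privileges". In the same sentence, "logs all keystrokes ... and sends it to audit.log" should read "sends them" to agree with "keystrokes". As with the first test, please also confirm that 9c6bdb34-a89f-4b90-acb1-5970614c711b is the GUID this test had before removal.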