Merge pull request #49 from JimmyAstle/Discover/Files_folders_Linux

Discover/files_folders_Linux

Linux/Discovery/File_and_Directory_Discovery.md

@@ -0,0 +1,19 @@
+#File and Directory Discovery
+
+## MITRE ATT&CK Technique: [T1083](https://attack.mitre.org/wiki/Technique/T1083)
+
+Output a directory tree listing :
+
+    cd $HOME && find . -print | sed -e 's;[^/]*/;|__;g;s;__|; |;g' > /tmp/loot.txt
+
+List Mounted File Systems and Paths
+
+    cat /etc/mtab > /tmp/loot.txt
+
+Find pdfs on a machine
+
+    find . -type f -iname *.pdf > /tmp/loot.txt
+
+Find hidden files on a machine
+
+     find . -type f -name ".*"

Linux/README.md

@@ -3,7 +3,7 @@
 | Persistence                  | Privilege Escalation          | Defense Evasion               | Credential Access                      | Discovery                              | Lateral Movement                | Execution                | Collection                     | Exfiltration                                  | Command and Control                     |
 |------------------------------|-------------------------------|-------------------------------|----------------------------------------|----------------------------------------|---------------------------------|--------------------------|--------------------------------|-----------------------------------------------|-----------------------------------------|
 | .bash_profile and .bashrc    | Exploitation of Vulnerability | Binary Padding                | [Bash History](Credential_Access/Bash_History.md)                           | [Account Discovery](Discovery/Account_Discovery.md)                      | Application Deployment Software | Command-Line Interface   | Audio Capture                  | Automated Exfiltration                        | Commonly Used Port                      |
-| Bootkit                      | Setuid and Setgid             | [Clear Command History](Defense_Evasion/Clear_Command_History.md)          | Brute Force                            | File and Directory Discovery           | Exploitation of Vulnerability   | Graphical User Interface | Automated Collection           | Data Compressed                               | Communication Through Removable Media   |
+| Bootkit                      | Setuid and Setgid             | [Clear Command History](Defense_Evasion/Clear_Command_History.md)          | Brute Force                            | [File and Directory Discovery](Discovery/File_and_Directory_Discovery.md)           | Exploitation of Vulnerability   | Graphical User Interface | Automated Collection           | Data Compressed                               | Communication Through Removable Media   |
 | [Cron Job](Persistence/Cron_Job.md)                     | Sudo                          | Disabling Security Tools      | [Create Account](Credential_Access/Create_Account.md)                         | Permission Groups Discovery            | Remote File Copy                | Scripting                | Clipboard Data                 | Data Encrypted                                | Connection Proxy                        |
 | Hidden Files and Directories | Valid Accounts                | Exploitation of Vulnerability | Credentials in Files                   | Process Discovery                      | Remote Services                 | Source                   | Data Staged                    | Data Transfer Size Limits                     | Custom Command and Control Protocol     |
 | Rc.common                    | Web Shell                     | File Deletion                 | Exploitation of Vulnerability          | [System Information Discovery](Discovery/System_Information_Discovery.md)           | Third-party Software            | Space after Filename     | Data from Local System         | Exfiltration Over Alternative Protocol        | Custom Cryptographic Protocol           |