From 919993d8869fa62a78b6d7490b4f88b683c8cb68 Mon Sep 17 00:00:00 2001
From: Jimmy Astle <astle.j@gmail.com>
Date: Tue, 2 Jan 2018 16:07:07 -0500
Subject: [PATCH 1/2] Couple of fun searching techniques

---
 .../Discovery/File_and_Directory_Discovery.md | 19 +++++++++++++++++++
 1 file changed, 19 insertions(+)
 create mode 100644 Linux/Discovery/File_and_Directory_Discovery.md

diff --git a/Linux/Discovery/File_and_Directory_Discovery.md b/Linux/Discovery/File_and_Directory_Discovery.md
new file mode 100644
index 00000000..a3073ac6
--- /dev/null
+++ b/Linux/Discovery/File_and_Directory_Discovery.md
@@ -0,0 +1,19 @@
+#File and Directory Discovery
+
+## MITRE ATT&CK Technique: [T1083](https://attack.mitre.org/wiki/Technique/T1083)
+
+Output a directory tree listing :
+
+    cd $HOME && find . -print | sed -e 's;[^/]*/;|__;g;s;__|; |;g' > /tmp/loot.txt
+
+List Mounted File Systems and Paths
+
+    cat /etc/mtab > /tmp/loot.txt
+
+Find pdfs on a machine
+
+    find . -type f -iname *.pdf > /tmp/loot.txt
+
+Find hidden files on a machine
+
+     find . -type f -name ".*"

From 219534d464b06d243e71db9a6e400647345eb294 Mon Sep 17 00:00:00 2001
From: Jimmy Astle <astle.j@gmail.com>
Date: Tue, 2 Jan 2018 16:11:04 -0500
Subject: [PATCH 2/2] Updating Table to link to file and folder discovery

---
 Linux/README.md | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/Linux/README.md b/Linux/README.md
index ebb84ad4..06cadfec 100644
--- a/Linux/README.md
+++ b/Linux/README.md
@@ -3,7 +3,7 @@
 | Persistence                  | Privilege Escalation          | Defense Evasion               | Credential Access                      | Discovery                              | Lateral Movement                | Execution                | Collection                     | Exfiltration                                  | Command and Control                     |
 |------------------------------|-------------------------------|-------------------------------|----------------------------------------|----------------------------------------|---------------------------------|--------------------------|--------------------------------|-----------------------------------------------|-----------------------------------------|
 | .bash_profile and .bashrc    | Exploitation of Vulnerability | Binary Padding                | [Bash History](Credential_Access/Bash_History.md)                           | Account Discovery                      | Application Deployment Software | Command-Line Interface   | Audio Capture                  | Automated Exfiltration                        | Commonly Used Port                      |
-| Bootkit                      | Setuid and Setgid             | [Clear Command History](Defense_Evasion/Clear_Command_History.md)          | Brute Force                            | File and Directory Discovery           | Exploitation of Vulnerability   | Graphical User Interface | Automated Collection           | Data Compressed                               | Communication Through Removable Media   |
+| Bootkit                      | Setuid and Setgid             | [Clear Command History](Defense_Evasion/Clear_Command_History.md)          | Brute Force                            | [File and Directory Discovery](Discovery/File_and_Directory_Discovery.md)           | Exploitation of Vulnerability   | Graphical User Interface | Automated Collection           | Data Compressed                               | Communication Through Removable Media   |
 | [Cron Job](Persistence/Cron_Job.md)                     | Sudo                          | Disabling Security Tools      | [Create Account](Credential_Access/Create_Account.md)                         | Permission Groups Discovery            | Remote File Copy                | Scripting                | Clipboard Data                 | Data Encrypted                                | Connection Proxy                        |
 | Hidden Files and Directories | Valid Accounts                | Exploitation of Vulnerability | Credentials in Files                   | Process Discovery                      | Remote Services                 | Source                   | Data Staged                    | Data Transfer Size Limits                     | Custom Command and Control Protocol     |
 | Rc.common                    | Web Shell                     | File Deletion                 | Exploitation of Vulnerability          | System Information Discovery           | Third-party Software            | Space after Filename     | Data from Local System         | Exfiltration Over Alternative Protocol        | Custom Cryptographic Protocol           |