Update Process Discovery
* Made a change to Process Discovery (added saving the output for exfil) * Added Process Discovery to Linux and updated grid
This commit is contained in:
atmathis
@@ -0,0 +1,14 @@
|
||||
## Process Discovery
|
||||
|
||||
MITRE ATT&CK Technique: [T1057](https://attack.mitre.org/wiki/Technique/T1057)
|
||||
|
||||
|
||||
### Process Discovery
|
||||
|
||||
Input:
|
||||
|
||||
ps >> /tmp/loot.txt
|
||||
|
||||
Input:
|
||||
|
||||
ps aux >> /tmp/loot.txt
|
||||
+2
-2
@@ -2,10 +2,10 @@
|
||||
|
||||
| Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Execution | Collection | Exfiltration | Command and Control |
|
||||
|------------------------------|-------------------------------|-------------------------------|----------------------------------------|----------------------------------------|---------------------------------|--------------------------|--------------------------------|-----------------------------------------------|-----------------------------------------|
|
||||
| .bash_profile and .bashrc | Exploitation of Vulnerability | Binary Padding | [Bash History](Credential_Access/Bash_History.md) | [Account Discovery](Discovery/Account_Discovery.md) | Application Deployment Software | Command-Line Interface | Audio Capture | Automated Exfiltration | Commonly Used Port |
|
||||
| [.bash_profile and .bashrc](Persistence/bash_profile_and_bashrc.md) | Exploitation of Vulnerability | Binary Padding | [Bash History](Credential_Access/Bash_History.md) | [Account Discovery](Discovery/Account_Discovery.md) | Application Deployment Software | Command-Line Interface | Audio Capture | Automated Exfiltration | Commonly Used Port |
|
||||
| Bootkit | Setuid and Setgid | [Clear Command History](Defense_Evasion/Clear_Command_History.md) | Brute Force | [File and Directory Discovery](Discovery/File_and_Directory_Discovery.md) | Exploitation of Vulnerability | Graphical User Interface | Automated Collection | Data Compressed | Communication Through Removable Media |
|
||||
| [Cron Job](Persistence/Cron_Job.md) | Sudo | Disabling Security Tools | [Create Account](Credential_Access/Create_Account.md) | Permission Groups Discovery | Remote File Copy | Scripting | Clipboard Data | Data Encrypted | Connection Proxy |
|
||||
| Hidden Files and Directories | Valid Accounts | Exploitation of Vulnerability | Credentials in Files | Process Discovery | Remote Services | Source | Data Staged | Data Transfer Size Limits | Custom Command and Control Protocol |
|
||||
| Hidden Files and Directories | Valid Accounts | Exploitation of Vulnerability | Credentials in Files | [Process Discovery](Discovery/Process_Discovery) | Remote Services | Source | Data Staged | Data Transfer Size Limits | Custom Command and Control Protocol |
|
||||
| Rc.common | Web Shell | File Deletion | Exploitation of Vulnerability | [System Information Discovery](Discovery/System_Information_Discovery.md) | Third-party Software | Space after Filename | Data from Local System | Exfiltration Over Alternative Protocol | Custom Cryptographic Protocol |
|
||||
| Redundant Access | | [HISTCONTROL](Defense_Evasion/HISTCONTROL.md) | Input Capture | System Network Configuration Discovery | | Third-party Software | Data from Network Shared Drive | Exfiltration Over Command and Control Channel | Data Encoding |
|
||||
| Trap | | Hidden Files and Directories | Network Sniffing | System Network Connections Discovery | | Trap | Data from Removable Media | Exfiltration Over Other Network Medium | Data Obfuscation |
|
||||
|
||||
@@ -7,8 +7,8 @@ MITRE ATT&CK Technique: [T1057](https://attack.mitre.org/wiki/Technique/T1057)
|
||||
|
||||
Input:
|
||||
|
||||
ps
|
||||
ps >> /tmp/loot.txt
|
||||
|
||||
Input:
|
||||
|
||||
ps aux
|
||||
ps aux >> /tmp/loot.txt
|
||||
|
||||
Reference in New Issue
Block a user