diff --git a/Linux/Discovery/Process_Discovery.md b/Linux/Discovery/Process_Discovery.md new file mode 100644 index 00000000..6d62576a --- /dev/null +++ b/Linux/Discovery/Process_Discovery.md @@ -0,0 +1,14 @@ +## Process Discovery + +MITRE ATT&CK Technique: [T1057](https://attack.mitre.org/wiki/Technique/T1057) + + +### Process Discovery + +Input: + + ps >> /tmp/loot.txt + +Input: + + ps aux >> /tmp/loot.txt diff --git a/Linux/README.md b/Linux/README.md index df099939..5ecc542f 100644 --- a/Linux/README.md +++ b/Linux/README.md @@ -2,10 +2,10 @@ | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Execution | Collection | Exfiltration | Command and Control | |------------------------------|-------------------------------|-------------------------------|----------------------------------------|----------------------------------------|---------------------------------|--------------------------|--------------------------------|-----------------------------------------------|-----------------------------------------| -| .bash_profile and .bashrc | Exploitation of Vulnerability | Binary Padding | [Bash History](Credential_Access/Bash_History.md) | [Account Discovery](Discovery/Account_Discovery.md) | Application Deployment Software | Command-Line Interface | Audio Capture | Automated Exfiltration | Commonly Used Port | +| [.bash_profile and .bashrc](Persistence/bash_profile_and_bashrc.md) | Exploitation of Vulnerability | Binary Padding | [Bash History](Credential_Access/Bash_History.md) | [Account Discovery](Discovery/Account_Discovery.md) | Application Deployment Software | Command-Line Interface | Audio Capture | Automated Exfiltration | Commonly Used Port | | Bootkit | Setuid and Setgid | [Clear Command History](Defense_Evasion/Clear_Command_History.md) | Brute Force | [File and Directory Discovery](Discovery/File_and_Directory_Discovery.md) | Exploitation of Vulnerability | Graphical User Interface | Automated Collection | Data Compressed | Communication Through Removable Media | | [Cron Job](Persistence/Cron_Job.md) | Sudo | Disabling Security Tools | [Create Account](Credential_Access/Create_Account.md) | Permission Groups Discovery | Remote File Copy | Scripting | Clipboard Data | Data Encrypted | Connection Proxy | -| Hidden Files and Directories | Valid Accounts | Exploitation of Vulnerability | Credentials in Files | Process Discovery | Remote Services | Source | Data Staged | Data Transfer Size Limits | Custom Command and Control Protocol | +| Hidden Files and Directories | Valid Accounts | Exploitation of Vulnerability | Credentials in Files | [Process Discovery](Discovery/Process_Discovery) | Remote Services | Source | Data Staged | Data Transfer Size Limits | Custom Command and Control Protocol | | Rc.common | Web Shell | File Deletion | Exploitation of Vulnerability | [System Information Discovery](Discovery/System_Information_Discovery.md) | Third-party Software | Space after Filename | Data from Local System | Exfiltration Over Alternative Protocol | Custom Cryptographic Protocol | | Redundant Access | | [HISTCONTROL](Defense_Evasion/HISTCONTROL.md) | Input Capture | System Network Configuration Discovery | | Third-party Software | Data from Network Shared Drive | Exfiltration Over Command and Control Channel | Data Encoding | | Trap | | Hidden Files and Directories | Network Sniffing | System Network Connections Discovery | | Trap | Data from Removable Media | Exfiltration Over Other Network Medium | Data Obfuscation | diff --git a/Mac/Discovery/Process_Discovery.md b/Mac/Discovery/Process_Discovery.md index a63072a3..6d62576a 100644 --- a/Mac/Discovery/Process_Discovery.md +++ b/Mac/Discovery/Process_Discovery.md @@ -7,8 +7,8 @@ MITRE ATT&CK Technique: [T1057](https://attack.mitre.org/wiki/Technique/T1057) Input: - ps + ps >> /tmp/loot.txt Input: - ps aux + ps aux >> /tmp/loot.txt