be85bb6afe
Discovery bat
...
+ Added reg queries to payload.
2017-10-31 12:58:40 -07:00
66c37e8b53
Evasion and exfil
...
+ Added wevtutil and fsutil per what was used recently by BadBuddy Ransomware.
+ Added 2 ways to compress data with Powershell and rar.
2017-10-31 12:56:52 -07:00
b144a64e43
Merge pull request #6 from redcanaryco/Collection
...
Updated Windows Matrix
2017-10-17 15:11:19 -07:00
59722275f6
Updated Windows Matrix
...
+ Added Clipboard Data
2017-10-17 15:09:43 -07:00
0ad43f6b67
Merge pull request #5 from redcanaryco/Collection
...
Windows - Collection
2017-10-17 13:46:05 -06:00
cf3f201c94
Fix
...
+ Line breaks
2017-10-17 11:55:57 -07:00
3c17d14b37
Fixed Clipboard
...
+ Missing clip and made it completely compatible with powershell only now. No need to be in cmd.exe to start this.
2017-10-16 13:19:20 -07:00
cfa399357b
small change
2017-10-13 23:26:09 +11:00
34dd80d94b
Initial Commit
...
+ Audio Capture
+ Automated Collection
+ Input Capture
+ collection bat
+ Payload
+ Updated Matrix
2017-10-12 15:05:28 -07:00
87743faf73
Discovery
...
+ Added a Discovery bat file to run all the things at once. Generally, none of this activity is deemed "evil" as it is recon activity. Seeing it all run at once should be suspect to anyone.
+ Updates to two discovery files.
2017-10-12 10:35:44 -07:00
086c43c191
Update Windows.md
2017-10-12 08:05:08 -07:00
09a3c0b2e5
Broken links
...
due to typos
2017-10-12 11:21:14 +02:00
4d6d676be5
Cleanup
...
Small adds and changes
2017-10-11 20:27:24 -07:00
623ba37c58
Update Windows.md
2017-10-11 10:47:01 -07:00
479acc3aa8
Update Windows.md
2017-10-11 10:46:12 -07:00
07c4d38ce7
Update Windows.md
2017-10-11 10:44:33 -07:00
ac8dd2cfec
Initial Commit
...
Initial Checkin
2017-10-11 10:35:17 -07:00
Michael Haag