# T1124 - System Time Discovery
## [Description from ATT&CK](https://attack.mitre.org/techniques/T1124)
<blockquote>An adversary may gather the system time and/or time zone from a local or remote system. The system time is set and stored by the Windows Time Service within a domain to maintain time synchronization between systems and services in an enterprise network. (Citation: MSDN System Time) (Citation: Technet Windows Time Service)

System time information may be gathered in a number of ways, such as with [Net](https://attack.mitre.org/software/S0039) on Windows by performing <code>net time \\hostname</code> to gather the system time on a remote system. The victim's time zone may also be inferred from the current system time or gathered by using <code>w32tm /tz</code>. (Citation: Technet Windows Time Service)

This information could be useful for performing other techniques, such as executing a file with a [Scheduled Task/Job](https://attack.mitre.org/techniques/T1053) (Citation: RSA EU12 They're Inside), or to discover locality information based on time zone to assist in victim targeting (i.e. [System Location Discovery](https://attack.mitre.org/techniques/T1614)). Adversaries may also use knowledge of system time as part of a time bomb, or delaying execution until a specified date/time.(Citation: AnyRun TimeBomb)</blockquote>

## Atomic Tests

- [Atomic Test #1 - System Time Discovery](#atomic-test-1---system-time-discovery)

- [Atomic Test #2 - System Time Discovery - PowerShell](#atomic-test-2---system-time-discovery---powershell)

- [Atomic Test #3 - System Time Discovery in macOS](#atomic-test-3---system-time-discovery-in-macos)


<br/>

## Atomic Test #1 - System Time Discovery
Identify the system time. Upon execution, the local computer system time and timezone will be displayed.

**Supported Platforms:** Windows


**auto_generated_guid:** 20aba24b-e61f-4b26-b4ce-4784f763ca20





#### Inputs:
| Name | Description | Type | Default Value |
|------|-------------|------|---------------|
| computer_name | computer name to query | String | localhost|


#### Attack Commands: Run with `command_prompt`! 


```cmd
net time \\#{computer_name}
w32tm /tz
```






<br/>
<br/>

## Atomic Test #2 - System Time Discovery - PowerShell
Identify the system time via PowerShell. Upon execution, the system time will be displayed.

**Supported Platforms:** Windows


**auto_generated_guid:** 1d5711d6-655c-4a47-ae9c-6503c74fa877






#### Attack Commands: Run with `powershell`! 


```powershell
Get-Date
```






<br/>
<br/>

## Atomic Test #3 - System Time Discovery in macOS
Identify system time. Upon execution, the local computer system time and timezone will be displayed.

**Supported Platforms:** macOS


**auto_generated_guid:** f449c933-0891-407f-821e-7916a21a1a6f






#### Attack Commands: Run with `sh`! 


```sh
date
```






<br/>