security-tools/atomic-red-team
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
1663bf7d524b6fc8a9a39104feb2949b36368dfc
atomic-red-team/atomics/T1016/T1016.md
T
CircleCI Atomic Red Team doc generator 91e86258e6 Generate docs from job=validate_atomics_generate_docs branch=master
2019-10-24 17:09:43 +00:00

1.7 KiB
Raw Blame History

T1016 - System Network Configuration Discovery

Description from ATT&CK

Adversaries will likely look for details about the network configuration and settings of systems they access or through information discovery of remote systems. Several operating system administration utilities exist that can be used to gather this information. Examples include [Arp](https://attack.mitre.org/software/S0099), [ipconfig](https://attack.mitre.org/software/S0100)/[ifconfig](https://attack.mitre.org/software/S0101), [nbtstat](https://attack.mitre.org/software/S0102), and [route](https://attack.mitre.org/software/S0103).

Adversaries may use the information from System Network Configuration Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.

Atomic Tests


Atomic Test #1 - System Network Configuration Discovery

Identify network configuration information

Supported Platforms: Windows

Run it with command_prompt!

ipconfig /all
netsh interface show
arp -a
nbtstat -n
net config


Atomic Test #2 - System Network Configuration Discovery

Identify network configuration information

Supported Platforms: macOS, Linux

Run it with sh!

arp -a
netstat -ant | awk '{print $NF}' | grep -v '[a-z]' | sort | uniq -c
ifconfig

Reference in New Issue View Git Blame Copy Permalink