Michael Haag
25 lines
668 B
YAML
25 lines
668 B
YAML
---
|
|
attack_technique: T1056
|
|
display_name: Input Capture
|
|
|
|
atomic_tests:
|
|
- name: Input Capture
|
|
description: |
|
|
Utilize PowerShell and external resource to capture keystrokes
|
|
[Payload](https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1056/Get-Keystrokes.ps1)
|
|
Provided by [PowerSploit](https://github.com/PowerShellMafia/PowerSploit/blob/master/Exfiltration/Get-Keystrokes.ps1)
|
|
|
|
supported_platforms:
|
|
- windows
|
|
|
|
input_arguments:
|
|
filepath:
|
|
description: Name of the local file, include path.
|
|
type: Path
|
|
default: c:\key.log
|
|
|
|
executor:
|
|
name: powershell
|
|
command: |
|
|
.\Get-Keystrokes.ps1 -LogPath #{filepath}
|