security-tools/atomic-red-team
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
1663bf7d524b6fc8a9a39104feb2949b36368dfc
atomic-red-team/atomics/T1123/T1123.md
T
CircleCI Atomic Red Team doc generator 499c751bcc Generate docs from job=validate_atomics_generate_docs branch=master
2019-09-03 13:36:10 +00:00

1.7 KiB
Raw Blame History

T1123 - Audio Capture

Description from ATT&CK

An adversary can leverage a computer's peripheral devices (e.g., microphones and webcams) or applications (e.g., voice and video call services) to capture audio recordings for the purpose of listening into sensitive conversations to gather information.

Malware or scripts may be used to interact with the devices through an available API provided by the operating system or an application to capture audio. Audio files may be written to disk and exfiltrated later.

Atomic Tests


Atomic Test #1 - SourceRecorder via Windows command prompt

Create a file called test.wma, with the duration of 30 seconds

Supported Platforms: Windows

Inputs

Name Description Type Default Value
output_file Path to the recording file being captured Path test.wma
duration_hms Duration of audio to be recorded (in h:m:s format) Path 30

Run it with command_prompt!

SoundRecorder /FILE #{output_file} /DURATION #{duration_hms}


Atomic Test #2 - PowerShell Cmdlet via Windows command prompt

AudioDeviceCmdlets

Supported Platforms: Windows

Run it with command_prompt!

powershell.exe -Command WindowsAudioDevice-Powershell-Cmdlet

Reference in New Issue View Git Blame Copy Permalink