security-tools/atomic-red-team
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
1663bf7d524b6fc8a9a39104feb2949b36368dfc
atomic-red-team/atomics/T1217/T1217.md
T
CircleCI Atomic Red Team doc generator 3899ee00cf Generate docs from job=validate_atomics_generate_docs branch=master
2019-09-03 15:31:13 +00:00

66 lines
2.4 KiB
Markdown
Raw Blame History

# T1217 - Browser Bookmark Discovery
## [Description from ATT&CK](https://attack.mitre.org/wiki/Technique/T1217)
<blockquote>Adversaries may enumerate browser bookmarks to learn more about compromised hosts. Browser bookmarks may reveal personal information about users (ex: banking sites, interests, social media, etc.) as well as details about internal network resources such as servers, tools/dashboards, or other related infrastructure.
Browser bookmarks may also highlight additional targets after an adversary has access to valid credentials, especially [Credentials in Files](https://attack.mitre.org/techniques/T1081) associated with logins cached by a browser.
Specific storage locations vary based on platform and/or application, but browser bookmarks are typically stored in local files/databases.</blockquote>
## Atomic Tests
- [Atomic Test #1 - List Mozilla Firefox Bookmark Database Files on Linux](#atomic-test-1---list-mozilla-firefox-bookmark-database-files-on-linux)
- [Atomic Test #2 - List Mozilla Firefox Bookmark Database Files on macOS](#atomic-test-2---list-mozilla-firefox-bookmark-database-files-on-macos)
- [Atomic Test #3 - List Google Chrome Bookmark JSON Files on macOS](#atomic-test-3---list-google-chrome-bookmark-json-files-on-macos)
<br/>
## Atomic Test #1 - List Mozilla Firefox Bookmark Database Files on Linux
Searches for Mozilla Firefox's places.sqlite file (on Linux distributions) that contains bookmarks and lists any found instances to a text file.
**Supported Platforms:** Linux
#### Run it with `sh`!
```
find / -path "*.mozilla/firefox/*/places.sqlite" -exec echo {} >> /tmp/firefox-bookmarks.txt \;
```
<br/>
<br/>
## Atomic Test #2 - List Mozilla Firefox Bookmark Database Files on macOS
Searches for Mozilla Firefox's places.sqlite file (on macOS) that contains bookmarks and lists any found instances to a text file.
**Supported Platforms:** macOS
#### Run it with `sh`!
```
find / -path "*/Firefox/Profiles/*/places.sqlite" -exec echo {} >> /tmp/firefox-bookmarks.txt \;
```
<br/>
<br/>
## Atomic Test #3 - List Google Chrome Bookmark JSON Files on macOS
Searches for Google Chrome's Bookmark file (on macOS) that contains bookmarks in JSON format and lists any found instances to a text file.
**Supported Platforms:** macOS
#### Run it with `sh`!
```
find / -path "*/Google/Chrome/*/Bookmarks" -exec echo {} >> /tmp/chrome-bookmarks.txt \;
```
<br/>
Reference in New Issue View Git Blame Copy Permalink