security-tools/atomic-red-team
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
22d7cdcec8a5a9227ee4e7d2096d7a0488bb229c
atomic-red-team/Windows/Discovery/Security_Software_Discovery.md
T
Michael Haag 407c84b6f5 Discovery Updates 
+ More Tasklist.exe adds
+ Modified file directory listing to be recursive.
2017-11-13 11:02:39 -07:00

612 B
Raw Blame History

Security Software Discovery

MITRE ATT&CK Technique: T1018

netsh

netsh.exe advfirewall firewall show all profiles

tasklist

Input:

tasklist.exe

Input:

tasklist.exe | findstr virus

Input:

tasklist.exe | findstr cb

Input:

tasklist.exe | findstr defender

PowerShell

powershell.exe get-process | ?{$_.Description -like "*virus*"}

CarbonBlack

powershell.exe get-process | ?{$_.Description -like "*carbonblack*"}

Windows Defender

powershell.exe get-process | ?{$_.Description -like "*defender*"}
Reference in New Issue View Git Blame Copy Permalink