security-tools/atomic-red-team
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
22d7cdcec8a5a9227ee4e7d2096d7a0488bb229c
atomic-red-team/Windows/Discovery/Security_Software_Discovery.md
T
Michael Haag 407c84b6f5 Discovery Updates 
+ More Tasklist.exe adds
+ Modified file directory listing to be recursive.
2017-11-13 11:02:39 -07:00

39 lines
612 B
Markdown
Raw Blame History

# Security Software Discovery
MITRE ATT&CK Technique: [T1018](https://attack.mitre.org/wiki/Technique/T1063)
### netsh
netsh.exe advfirewall firewall show all profiles
### tasklist
Input:
tasklist.exe
Input:
tasklist.exe | findstr virus
Input:
tasklist.exe | findstr cb
Input:
tasklist.exe | findstr defender
### PowerShell
powershell.exe get-process | ?{$_.Description -like "*virus*"}
#### CarbonBlack
powershell.exe get-process | ?{$_.Description -like "*carbonblack*"}
#### Windows Defender
powershell.exe get-process | ?{$_.Description -like "*defender*"}
Reference in New Issue View Git Blame Copy Permalink