Tony M Lambert
a4c9ee4430
* first draft at dependencies * first draft at dependencies * first draft at dependencies * first draft at dependencies * first draft at dependencies * first draft at dependencies * first draft at dependencies * first draft at dependencies * first draft at dependencies * first draft at dependencies * first draft at dependencies * first draft at dependencies * first draft at dependencies * first draft at dependencies * first draft at dependencies * first draft at dependencies * first draft at dependencies * first draft at dependencies * first draft at dependencies * first draft at dependencies * first draft at dependencies * first draft at dependencies * first draft at dependencies * first draft at dependencies * first draft at dependencies * first draft at dependencies * first draft at dependencies * first draft at dependencies * first draft at dependencies * first draft at dependencies * first draft at dependencies * first draft at dependencies * first draft at dependencies * first draft at dependencies * first draft at dependencies * first draft at dependencies * first draft at dependencies * first draft at dependencies * first draft at dependencies * first draft at dependencies * first draft at dependencies * first draft at dependencies * first draft at dependencies * first draft at dependencies * first draft at dependencies * first draft at dependencies * first draft at dependencies * first draft at dependencies * first draft at dependencies * first draft at dependencies * first draft at dependencies * first draft at dependencies * first draft at dependencies * first draft at dependencies * first draft at dependencies * first draft at dependencies * first draft at dependencies * first draft at dependencies * first draft at dependencies * first draft at dependencies * first draft at dependencies * first draft at dependencies * lowercase url * first draft at dependencies * first draft at dependencies * first draft at dependencies * first draft at dependencies * first draft at dependencies * first draft at dependencies * first draft at dependencies * first draft at dependencies * first draft at dependencies * first draft at dependencies * first draft at dependencies * first draft at dependencies * first draft at dependencies * first draft at dependencies * first draft at dependencies * first draft at dependencies * first draft at dependencies * first draft at dependencies * first draft at dependencies * first draft at dependencies * first draft at dependencies * first draft at dependencies * first draft at dependencies * first draft at dependencies * first draft at dependencies * first draft at dependencies * first draft at dependencies * first draft at dependencies * first draft at dependencies * first draft at dependencies * first draft at dependencies * first draft at dependencies * first draft at dependencies * first draft at dependencies * first draft at dependencies * first draft at dependencies * first draft at dependencies * first draft at dependencies * first draft at dependencies * first draft at dependencies * first draft at dependencies * first draft at dependencies * first draft at dependencies * first draft at dependencies * first draft at dependencies * first draft at dependencies * first draft at dependencies * first draft at dependencies * first draft at dependencies * first draft at dependencies * first draft at dependencies * first draft at dependencies * first draft at dependencies * first draft at dependencies * first draft at dependencies * first draft at dependencies * first draft at dependencies * first draft at dependencies * first draft at dependencies * first draft at dependencies * first draft at dependencies * first draft at dependencies * lowercase url * fixing yaml spacing issue * correcting input name * rm to del Co-authored-by: Carrie Roberts <clr2of8@gmail.com>
1.9 KiB
1.9 KiB
T1124 - System Time Discovery
Description from ATT&CK
The system time is set and stored by the Windows Time Service within a domain to maintain time synchronization between systems and services in an enterprise network. (Citation: MSDN System Time) (Citation: Technet Windows Time Service)An adversary may gather the system time and/or time zone from a local or remote system. This information may be gathered in a number of ways, such as with Net on Windows by performing
net time \hostnameto gather the system time on a remote system. The victim's time zone may also be inferred from the current system time or gathered by usingw32tm /tz. (Citation: Technet Windows Time Service) The information could be useful for performing other techniques, such as executing a file with a Scheduled Task (Citation: RSA EU12 They're Inside), or to discover locality information based on time zone to assist in victim targeting.
Atomic Tests
Atomic Test #1 - System Time Discovery
Identify the system time
Supported Platforms: Windows
Inputs:
| Name | Description | Type | Default Value |
|---|---|---|---|
| computer_name | computer name to query | string | localhost |
Attack Commands: Run with command_prompt!
net time \\#{computer_name}
w32tm /tz
Atomic Test #2 - System Time Discovery - PowerShell
Identify the system time via PowerShell
Supported Platforms: Windows
Attack Commands: Run with powershell!
Get-Date