security-tools/atomic-red-team
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
8ba1dc8a194c602c2d41d10461b99e657e929fec
atomic-red-team/Windows/Credential_Access/Private_Keys.md
T
Michael Haag 8ba1dc8a19 Technique Adds 
Private Keys
- Find them

DDE
- Reference: https://sensepost.com/blog/2017/macro-less-code-exec-in-msword/

Data Staged
2018-03-08 14:26:18 -06:00

341 B
Raw Blame History

Private Keys

MITRE ATT&CK Technique: T1145

File extensions include: .key, .pgp, .gpg, .ppk., .p12, .pem, pfx, .cer, .p7b, .asc

Input:

Make some files:

echo "ATOMICREDTEAM" > %windir%\cert.key dir C:\Users(username).ssh\

Find files:

  dir c:\ /b /s .key | findstr /e .key
Reference in New Issue View Git Blame Copy Permalink