security-tools/atomic-red-team
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
8ba1dc8a194c602c2d41d10461b99e657e929fec
atomic-red-team/Windows/Credential_Access/Private_Keys.md
T
Michael Haag 8ba1dc8a19 Technique Adds 
Private Keys
- Find them

DDE
- Reference: https://sensepost.com/blog/2017/macro-less-code-exec-in-msword/

Data Staged
2018-03-08 14:26:18 -06:00

17 lines
341 B
Markdown
Raw Blame History

# Private Keys
MITRE ATT&CK Technique: [T1145](https://attack.mitre.org/wiki/Technique/T1145)
File extensions include: .key, .pgp, .gpg, .ppk., .p12, .pem, pfx, .cer, .p7b, .asc
Input:
Make some files:
echo "ATOMICREDTEAM" > %windir%\cert.key
dir C:\Users\(username)\.ssh\
Find files:
dir c:\ /b /s .key | findstr /e .key
Reference in New Issue View Git Blame Copy Permalink