c3b398e48c
* Revert "Add Dependencies section to test Yaml and support to use them in the PS execution framework (#772)"
This reverts commit 511bb87af2.
* Generate docs from job=validate_atomics_generate_docs branch=revert-511bb87af29fb302dbd9e85bd93c2c00a47953ba
T1124 - System Time Discovery
Description from ATT&CK
The system time is set and stored by the Windows Time Service within a domain to maintain time synchronization between systems and services in an enterprise network. (Citation: MSDN System Time) (Citation: Technet Windows Time Service)
An adversary may gather the system time and/or time zone from a local or remote system. This information may be gathered in a number of ways, such as with Net on Windows by performing `net time \\hostname` to gather the system time on a remote system. The victim's time zone may also be inferred from the current system time or gathered by using `w32tm /tz`. (Citation: Technet Windows Time Service) The information could be useful for performing other techniques, such as executing a file with a Scheduled Task (Citation: RSA EU12 They're Inside), or to discover locality information based on time zone to assist in victim targeting.
Atomic Tests
Atomic Test #1 - System Time Discovery
Identify the system time
Supported Platforms: Windows
Inputs
| Name | Description | Type | Default Value |
|---|---|---|---|
| computer_name | computer name to query | string | localhost |
Run it with command_prompt!
```
net time \\#{computer_name}
w32tm /tz
```
Atomic Test #2 - System Time Discovery - PowerShell
Identify the system time via PowerShell
Supported Platforms: Windows
Run it with powershell!
```
Get-Date
```
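A detection-side check for the commands these two tests run, as an added example that is not part of the Atomic Red Team project: it matches command lines against `net time`, `w32tm /tz` and `Get-Date`, and records the remote target when `net time` is pointed at another host. The event records are constructed sample data, and the field names `host` and `command_line` are assumptions about the log source.

```python
import re

# Rules for the commands the two atomic tests on this page run.
RULES = {
    "net_time": re.compile(r'(?i)\bnet1?(\.exe)?"?\s+time\b'),
    "w32tm_tz": re.compile(r'(?i)\bw32tm(\.exe)?"?\s+/tz\b'),
    "ps_get_date": re.compile(r"(?i)\bGet-Date\b"),
}
UNC_HOST = re.compile(r"\\\\([^\s\\]+)")  # the \\hostname argument of net time
LOCAL_NAMES = {"localhost", "127.0.0.1"}

# Constructed sample events; "host" and "command_line" are assumed field names.
SAMPLE_EVENTS = [
    {"host": "WS01", "command_line": r"net time \\localhost"},
    {"host": "WS01", "command_line": r"C:\Windows\system32\net1 time \\FS01"},
    {"host": "WS01", "command_line": "w32tm /tz"},
    {"host": "WS02", "command_line": "powershell.exe -Command Get-Date"},
    {"host": "WS02", "command_line": r"net use Z: \\FS01\share"},
    {"host": "WS02", "command_line": "w32tm /query /status"},
]

def classify(event):
    """Return a finding for a system time discovery command, or None."""
    text = event.get("command_line", "")
    host = event.get("host") or ""
    for name, pattern in RULES.items():
        hit = pattern.search(text)
        if not hit:
            continue
        finding = {"rule": name, "host": host, "target": None}
        if name == "net_time":
            # Only look for \\hostname after the matched "net time" token.
            unc = UNC_HOST.search(text, hit.end())
            local = LOCAL_NAMES | {host.lower()}
            if unc and unc.group(1).lower() not in local:
                finding["target"] = unc.group(1)  # remote time query
        return finding
    return None

def scan(events):
    """Classify every event and keep only the findings."""
    return [f for f in map(classify, events) if f is not None]

if __name__ == "__main__":
    for finding in scan(SAMPLE_EVENTS):
        print(finding)
```

All three commands are routine in administration and scripting, so these matches work best as low-severity signals correlated with other discovery activity from the same host.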