Discovery Updates

+ More Tasklist.exe adds + Modified file directory listing to be recursive.
2017-11-13 11:02:39 -07:00 · 2017-11-13 11:02:39 -07:00 · 407c84b6f5
parent 61d4797e64
commit 407c84b6f5
2 changed files with 19 additions and 5 deletions
--- a/Windows/Discovery/File_and_Directory_Discovery.md
+++ b/Windows/Discovery/File_and_Directory_Discovery.md
@ -6,7 +6,7 @@ MITRE ATT&CK Technique: [T1083](https://attack.mitre.org/wiki/Technique/T1083)

 Input:

-    dir c:\ >> %temp%\download
-    dir "c:\Documents and Settings" >> %temp%\download
-    dir "c:\Program Files\" >> %temp%\download
-    dir d:\ >> %temp%\download
+    dir /s c:\ >> %temp%\download
+    dir /s "c:\Documents and Settings" >> %temp%\download
+    dir /s "c:\Program Files\" >> %temp%\download
+    dir /s d:\ >> %temp%\download
--- a/Windows/Discovery/Security_Software_Discovery.md
+++ b/Windows/Discovery/Security_Software_Discovery.md
@ -4,12 +4,26 @@ MITRE ATT&CK Technique: [T1018](https://attack.mitre.org/wiki/Technique/T1063)

 ### netsh

-    netsh.exe advfirewall firewall
+    netsh.exe advfirewall firewall show all profiles

 ### tasklist

+Input:
+
    tasklist.exe

+Input:
+
+    tasklist.exe | findstr virus
+
+Input:
+
+    tasklist.exe | findstr cb
+
+Input:
+
+    tasklist.exe | findstr defender
+

 ### PowerShell