From 407c84b6f5151c24641525975f7d638518e4ec8f Mon Sep 17 00:00:00 2001 From: Michael Haag <“mike@redcanary.com git config --global user.name “Michael Haag> Date: Mon, 13 Nov 2017 11:02:39 -0700 Subject: [PATCH] Discovery Updates + More Tasklist.exe adds + Modified file directory listing to be recursive. --- .../Discovery/File_and_Directory_Discovery.md | 8 ++++---- Windows/Discovery/Security_Software_Discovery.md | 16 +++++++++++++++- 2 files changed, 19 insertions(+), 5 deletions(-) diff --git a/Windows/Discovery/File_and_Directory_Discovery.md b/Windows/Discovery/File_and_Directory_Discovery.md index 23b7aef..b440247 100644 --- a/Windows/Discovery/File_and_Directory_Discovery.md +++ b/Windows/Discovery/File_and_Directory_Discovery.md @@ -6,7 +6,7 @@ MITRE ATT&CK Technique: [T1083](https://attack.mitre.org/wiki/Technique/T1083) Input: - dir c:\ >> %temp%\download - dir "c:\Documents and Settings" >> %temp%\download - dir "c:\Program Files\" >> %temp%\download - dir d:\ >> %temp%\download + dir /s c:\ >> %temp%\download + dir /s "c:\Documents and Settings" >> %temp%\download + dir /s "c:\Program Files\" >> %temp%\download + dir /s d:\ >> %temp%\download diff --git a/Windows/Discovery/Security_Software_Discovery.md b/Windows/Discovery/Security_Software_Discovery.md index 8054c40..4843654 100644 --- a/Windows/Discovery/Security_Software_Discovery.md +++ b/Windows/Discovery/Security_Software_Discovery.md @@ -4,12 +4,26 @@ MITRE ATT&CK Technique: [T1018](https://attack.mitre.org/wiki/Technique/T1063) ### netsh - netsh.exe advfirewall firewall + netsh.exe advfirewall firewall show all profiles ### tasklist +Input: + tasklist.exe +Input: + + tasklist.exe | findstr virus + +Input: + + tasklist.exe | findstr cb + +Input: + + tasklist.exe | findstr defender + ### PowerShell
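Review bot: In Windows/Discovery/File_and_Directory_Discovery.md, `dir /s c:\` already recurses through every directory on C:, so the `dir /s "c:\Documents and Settings"` and `dir /s "c:\Program Files\"` lines that follow append listings the first command has already written to `%temp%\download`. Suggest either keeping only the recursive root listings (`c:\` and `d:\`), or keeping the targeted paths recursive and leaving the root listings non-recursive, so the test finishes in reasonable time and the output file stays a manageable size. A sentence in the document stating that the listing is now recursive would also help whoever maps the resulting telemetry.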
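Review bot: In Windows/Discovery/Security_Software_Discovery.md, the new `netsh.exe advfirewall firewall show all profiles` line is not valid netsh syntax, so the test would print usage text rather than firewall state. The profile query is `netsh.exe advfirewall show allprofiles` (one word, directly under `advfirewall`), while `show` in the `firewall` sub-context takes `rule`. Under `### tasklist`, the first added `Input:` is followed directly by the indented `tasklist.exe` with no blank line, unlike the three entries after it, so Markdown will fold the command into the paragraph instead of rendering it as a code block. The technique line visible in the hunk header labels the link T1018 but points at T1063, which is worth correcting while this file is being touched.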