Evasion and exfil
+ Added wevtutil and fsutil per what was used recently by BadBuddy Ransomware.
+ Added 2 ways to compress data with PowerShell and rar.readmes
parent
480a201741
commit
66c37e8b53
|
@ -11,3 +11,17 @@ Clear system logs
|
|||
Clear Security logs
|
||||
|
||||
wevtutil cl Security
|
||||
|
||||
Clear Setup logs
|
||||
|
||||
wevtutil cl Setup
|
||||
|
||||
Clear Application logs
|
||||
|
||||
wevtutil cl Application
|
||||
|
||||
## Fsutil
|
||||
|
||||
Manages the update sequence number (USN) change journal, which provides a persistent log of all changes made to files on the volume.
|
||||
|
||||
fsutil usn deletejournal /D C:
|
||||
|
|
|
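Review bot: In the added "## Fsutil" section, the description line explains what the USN change journal is but never says what the documented command does to it. "fsutil usn deletejournal /D C:" deletes the journal on C:, and the entry should say so. The three new wevtutil entries are plain text lines while Fsutil gets a "##" heading, so pick one level for all four. None of the added lines sets the commands apart as code or carries a technique reference, unlike the other file in this commit. It would also help blue-team readers to record the trace each command leaves: clearing the Security log writes Event ID 1102 to that log, and clearing the other logs writes Event ID 104 to the System log.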
@ -0,0 +1,11 @@
|
|||
# File Deletion
|
||||
|
||||
MITRE ATT&CK Technique: [T1002](https://attack.mitre.org/wiki/Technique/T1002)
|
||||
|
||||
## PowerShell
|
||||
|
||||
powershell.exe dir c:\* -Recurse | Compress-Archive -DestinationPath C:\test\Data.zip
|
||||
|
||||
## Rar
|
||||
|
||||
rar a -r exfilthis.rar *.docx
|
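Review bot: The new file's title "# File Deletion" does not match its content. Both entries ("## PowerShell" with Compress-Archive and "## Rar" with "rar a -r") compress data, which is what the commit message and the referenced technique T1002 describe, so the heading should be renamed to say compression. The ATT&CK link uses the old "/wiki/Technique/T1002" path and should be checked against the current site layout and technique numbering before merging. The PowerShell entry writes its archive to C:\test\Data.zip while recursing over c:\*, so the output path sits inside the input set; say whether that is intended. Neither command is marked up as code, and a one-line description under each heading, like the one the Fsutil section has, would keep the two files consistent.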