Commit Graph

52 Commits (26854f24b0ebdae3614f946d1eb2f7f6a06f150a)

Author SHA1 Message Date
Michael Haag 26854f24b0 System Network Configuration Discovery
+ Added System Network Configuration Discovery
2017-11-13 05:01:03 -08:00
Michael Haag 705f7d4dcf Powershell - Bloodhound
Added single command to download and execute Bloodhound.
2017-11-10 13:52:27 -08:00
Michael Haag e843ca71e7 Linux
+ Add Account Discovery
+ Fix Cron Job title
2017-11-08 22:19:10 -08:00
Michael Haag 2e4ff79e66 Chain reaction
Basic Chain reaction
2017-11-07 15:49:28 -08:00
caseysmithrc aaa7105a42
Merge pull request #17 from redcanaryco/dev-mh
Chain Reactions
2017-11-06 15:22:55 -07:00
Michael Haag 98f6d339e6 Chain Reactions 2017-11-06 14:21:36 -08:00
Michael Haag 0ca2758c28
Merge pull request #16 from redcanaryco/atomic-dev-cs
Atomic dev cs
2017-11-06 14:14:52 -08:00
caseysmithrc 479a11fa09 fix discovery cmd 2017-11-06 15:11:30 -07:00
caseysmithrc dcf67629de webinar script
Update
2017-11-06 15:07:57 -07:00
Michael Haag 427653c2ce Updated main
+ Modified main README with new README names
2017-11-05 21:29:39 -08:00
caseysmithrc cab7addfb9
Merge pull request #15 from redcanaryco/readmes
Rename OS level docs to README to take advantage of Github
2017-11-04 13:39:57 -06:00
Brian Beyer 9668bf2c24
Rename Mac.md to README.md 2017-11-04 15:36:59 -04:00
Brian Beyer 550e29773a
Rename Linux.md to README.md 2017-11-04 15:36:41 -04:00
Brian Beyer 3b03b3e9b8
Rename Windows.md to README.md 2017-11-04 15:36:03 -04:00
Brian Beyer 8e016a90d2
Add gitignore 2017-11-04 14:37:08 -04:00
caseysmithrc 666594cf6e
Merge pull request #14 from redcanaryco/dev-mh
GPP and bat fix
2017-11-03 11:42:13 -06:00
Michael Haag d61e743c41 Discovery bat fix
Removed a basic thing and made it even more basic
2017-11-03 09:56:44 -07:00
Michael Haag e22d823c4b Credentials in Files
+ Credentials in Files
+ add Get-GPPPassword.ps1
+ Update matrix
2017-11-02 11:53:28 -07:00
caseysmithrc 2096d7d969
Merge pull request #13 from redcanaryco/dev-mh
11-1-2017
2017-11-01 17:38:33 -06:00
Michael Haag b48f9e5f22 Deobfuscate_Decode_Files_Or_Information
Defense Evasion/Deobfuscate_Decode_Files_Or_Information Add
2017-11-01 16:28:57 -07:00
Michael Haag a12f456ce3 remove ds
dsstore goen
2017-11-01 16:25:53 -07:00
Michael Haag 0eaa1f25ad
Merge pull request #12 from redcanaryco/atomic-dev-cs
Atomic dev cs
2017-11-01 16:24:49 -07:00
caseysmithrc 06b210f766 certutil fix 2017-11-01 17:11:21 -06:00
Michael Haag 976f3ba40f Adds
Security software discovery
system time discovery
2017-11-01 16:02:40 -07:00
caseysmithrc 1e1ae19a33 certutil encode/decode 2017-11-01 16:52:46 -06:00
caseysmithrc e5236e6146
Merge pull request #10 from redcanaryco/dev-mh
Dev mh
2017-10-31 14:14:33 -06:00
Michael Haag be85bb6afe Discovery bat
+ Added reg queries to payload.
2017-10-31 12:58:40 -07:00
Michael Haag 66c37e8b53 Evasion and exfil
+ Added wevtutil and fsutil per what was used recently by BadBuddy Ransomware.
+ Added 2 ways to compress data with Powershell and rar.
2017-10-31 12:56:52 -07:00
caseysmithrc 480a201741 Merge pull request #7 from redcanaryco/Readme-mh
ReadMe Updates
2017-10-19 16:35:04 -06:00
Michael Haag 402b93eba8 Moved matrices
Moved to the top for easy access
2017-10-19 13:32:26 -07:00
Michael Haag 8dab533558 Readme link adds
Added Roberto Website and spreadsheet links
2017-10-19 13:30:14 -07:00
Michael Haag 59bbfe86b9 Readme Update
Overhauled Readme
2017-10-19 13:27:16 -07:00
Michael Haag b144a64e43 Merge pull request #6 from redcanaryco/Collection
Updated Windows Matrix
2017-10-17 15:11:19 -07:00
Michael Haag 59722275f6 Updated Windows Matrix
+ Added Clipboard Data
2017-10-17 15:09:43 -07:00
caseysmithrc 0ad43f6b67 Merge pull request #5 from redcanaryco/Collection
Windows - Collection
2017-10-17 13:46:05 -06:00
Michael Haag cf3f201c94 Fix
+ Line breaks
2017-10-17 11:55:57 -07:00
Michael Haag 3c17d14b37 Fixed Clipboard
+ Missing clip and made it completely compatible with powershell only now. No need to be in cmd.exe to start this.
2017-10-16 13:19:20 -07:00
caseysmithrc 6b23f04277 Merge pull request #4 from redcanaryco/mac-defense-evasion
Submitting two new Mac techniques
2017-10-13 14:57:50 -06:00
Keith McCammon 8342c241e6 Corrected tabstop 2017-10-13 14:25:18 -06:00
Keith McCammon ee6ed4ea1c Submitting two new Mac techniques
- Clear Command History
- Gatekeeper Bypass
2017-10-13 14:21:31 -06:00
caseysmithrc 6966598a1f Merge pull request #3 from mgreen27/patch-1
small change
2017-10-13 08:15:10 -06:00
Matthew Green cfa399357b small change 2017-10-13 23:26:09 +11:00
Michael Haag 34dd80d94b Initial Commit
+ Audio Capture
+ Automated Collection
+ Input Capture
+ collection bat
+ Payload
+ Updated Matrix
2017-10-12 15:05:28 -07:00
Michael Haag 87743faf73 Discovery
+ Added a Discovery bat file to run all the things at once. Generally, none of this activity is deemed "evil" as it is recon activity. Seeing it all run at once should be suspect to anyone.
+ Updates to two discovery files.
2017-10-12 10:35:44 -07:00
caseysmithrc 086c43c191 Update Windows.md 2017-10-12 08:05:08 -07:00
caseysmithrc da4c415d15 Merge pull request #1 from pwndad/patch-1
Broken links
2017-10-12 08:00:53 -07:00
Roman 09a3c0b2e5 Broken links
due to typos
2017-10-12 11:21:14 +02:00
Michael Haag 4d6d676be5 Cleanup
Small adds and changes
2017-10-11 20:27:24 -07:00
caseysmithrc 623ba37c58 Update Windows.md 2017-10-11 10:47:01 -07:00
caseysmithrc 479acc3aa8 Update Windows.md 2017-10-11 10:46:12 -07:00