Michael Haag
61d4797e64
Chain Reaction
...
+ New chain reaction
2017-11-13 11:01:57 -07:00
Michael Haag
26854f24b0
System Network Configuration Discovery
...
+ Added System Network Configuration Discovery
2017-11-13 05:01:03 -08:00
Michael Haag
705f7d4dcf
Powershell - Bloodhound
...
Added single command to download and execute Bloodhound.
2017-11-10 13:52:27 -08:00
Michael Haag
e843ca71e7
Linux
...
+ Add Account Discovery
+ Fix Cron Job title
2017-11-08 22:19:10 -08:00
Michael Haag
2e4ff79e66
Chain reaction
...
Basic Chain reaction
2017-11-07 15:49:28 -08:00
caseysmithrc
aaa7105a42
Merge pull request #17 from redcanaryco/dev-mh
...
Chain Reactions
2017-11-06 15:22:55 -07:00
Michael Haag
98f6d339e6
Chain Reactions
2017-11-06 14:21:36 -08:00
Michael Haag
0ca2758c28
Merge pull request #16 from redcanaryco/atomic-dev-cs
...
Atomic dev cs
2017-11-06 14:14:52 -08:00
caseysmithrc
479a11fa09
fix discovery cmd
2017-11-06 15:11:30 -07:00
caseysmithrc
dcf67629de
webinar script
...
Update
2017-11-06 15:07:57 -07:00
Michael Haag
427653c2ce
Updated main
...
+ Modified main README with new README names
2017-11-05 21:29:39 -08:00
caseysmithrc
cab7addfb9
Merge pull request #15 from redcanaryco/readmes
...
Rename OS level docs to README to take advantage of GitHub
2017-11-04 13:39:57 -06:00
Brian Beyer
9668bf2c24
Rename Mac.md to README.md
2017-11-04 15:36:59 -04:00
Brian Beyer
550e29773a
Rename Linux.md to README.md
2017-11-04 15:36:41 -04:00
Brian Beyer
3b03b3e9b8
Rename Windows.md to README.md
2017-11-04 15:36:03 -04:00
Brian Beyer
8e016a90d2
Add gitignore
2017-11-04 14:37:08 -04:00
caseysmithrc
666594cf6e
Merge pull request #14 from redcanaryco/dev-mh
...
GPP and bat fix
2017-11-03 11:42:13 -06:00
Michael Haag
d61e743c41
Discovery bat fix
...
Removed a basic thing and made it even more basic
2017-11-03 09:56:44 -07:00
Michael Haag
e22d823c4b
Credentials in Files
...
+ Credentials in Files
+ add Get-GPPPassword.ps1
+ Update matrix
2017-11-02 11:53:28 -07:00
caseysmithrc
2096d7d969
Merge pull request #13 from redcanaryco/dev-mh
...
11-1-2017
2017-11-01 17:38:33 -06:00
Michael Haag
b48f9e5f22
Deobfuscate_Decode_Files_Or_Information
...
Defense Evasion/Deobfuscate_Decode_Files_Or_Information Add
2017-11-01 16:28:57 -07:00
Michael Haag
a12f456ce3
remove ds
...
dsstore gone
2017-11-01 16:25:53 -07:00
Michael Haag
0eaa1f25ad
Merge pull request #12 from redcanaryco/atomic-dev-cs
...
Atomic dev cs
2017-11-01 16:24:49 -07:00
caseysmithrc
06b210f766
certutil fix
2017-11-01 17:11:21 -06:00
Michael Haag
976f3ba40f
Adds
...
Security software discovery
system time discovery
2017-11-01 16:02:40 -07:00
caseysmithrc
1e1ae19a33
certutil encode/decode
2017-11-01 16:52:46 -06:00
caseysmithrc
e5236e6146
Merge pull request #10 from redcanaryco/dev-mh
...
Dev mh
2017-10-31 14:14:33 -06:00
Michael Haag
be85bb6afe
Discovery bat
...
+ Added reg queries to payload.
2017-10-31 12:58:40 -07:00
Michael Haag
66c37e8b53
Evasion and exfil
...
+ Added wevtutil and fsutil per what was used recently by BadBuddy Ransomware.
+ Added 2 ways to compress data with Powershell and rar.
2017-10-31 12:56:52 -07:00
caseysmithrc
480a201741
Merge pull request #7 from redcanaryco/Readme-mh
...
ReadMe Updates
2017-10-19 16:35:04 -06:00
Michael Haag
402b93eba8
Moved matrices
...
Moved to the top for easy access
2017-10-19 13:32:26 -07:00
Michael Haag
8dab533558
Readme link adds
...
Added Roberto Website and spreadsheet links
2017-10-19 13:30:14 -07:00
Michael Haag
59bbfe86b9
Readme Update
...
Overhauled Readme
2017-10-19 13:27:16 -07:00
Michael Haag
b144a64e43
Merge pull request #6 from redcanaryco/Collection
...
Updated Windows Matrix
2017-10-17 15:11:19 -07:00
Michael Haag
59722275f6
Updated Windows Matrix
...
+ Added Clipboard Data
2017-10-17 15:09:43 -07:00
caseysmithrc
0ad43f6b67
Merge pull request #5 from redcanaryco/Collection
...
Windows - Collection
2017-10-17 13:46:05 -06:00
Michael Haag
cf3f201c94
Fix
...
+ Line breaks
2017-10-17 11:55:57 -07:00
Michael Haag
3c17d14b37
Fixed Clipboard
...
+ Missing clip and made it completely compatible with powershell only now. No need to be in cmd.exe to start this.
2017-10-16 13:19:20 -07:00
caseysmithrc
6b23f04277
Merge pull request #4 from redcanaryco/mac-defense-evasion
...
Submitting two new Mac techniques
2017-10-13 14:57:50 -06:00
Keith McCammon
8342c241e6
Corrected tabstop
2017-10-13 14:25:18 -06:00
Keith McCammon
ee6ed4ea1c
Submitting two new Mac techniques
...
- Clear Command History
- Gatekeeper Bypass
2017-10-13 14:21:31 -06:00
caseysmithrc
6966598a1f
Merge pull request #3 from mgreen27/patch-1
...
small change
2017-10-13 08:15:10 -06:00
Matthew Green
cfa399357b
small change
2017-10-13 23:26:09 +11:00
Michael Haag
34dd80d94b
Initial Commit
...
+ Audio Capture
+ Automated Collection
+ Input Capture
+ collection bat
+ Payload
+ Updated Matrix
2017-10-12 15:05:28 -07:00
Michael Haag
87743faf73
Discovery
...
+ Added a Discovery bat file to run all the things at once. Generally, none of this activity is deemed "evil" as it is recon activity. Seeing it all run at once should be suspect to anyone.
+ Updates to two discovery files.
2017-10-12 10:35:44 -07:00
caseysmithrc
086c43c191
Update Windows.md
2017-10-12 08:05:08 -07:00
caseysmithrc
da4c415d15
Merge pull request #1 from pwndad/patch-1
...
Broken links
2017-10-12 08:00:53 -07:00
Roman
09a3c0b2e5
Broken links
...
due to typos
2017-10-12 11:21:14 +02:00
Michael Haag
4d6d676be5
Cleanup
...
Small adds and changes
2017-10-11 20:27:24 -07:00
caseysmithrc
623ba37c58
Update Windows.md
2017-10-11 10:47:01 -07:00