Combined display of all available logs of RCATs.
- 15:17, 26 January 2023 SourMilk talk contribs created page Data Encrypted (Created page with "Category:Impact Adversaries may encrypt data on target systems or on large numbers of systems in a network to interrupt availability to system and network resources. They can attempt to render stored data inaccessible by encrypting files or data on local and remote drives and withholding access to a decryption key. This may be done in order to extract monetary compensation from a victim in exchange for decryption or a decryption key (ransomware) or to render data per...")
- 15:17, 26 January 2023 SourMilk talk contribs created page Data Destruction (Created page with "Category:Impact Adversaries may destroy data and files on specific systems or in large numbers on a network to interrupt availability to systems, services, and network resources. Data destruction is likely to render stored data irrecoverable by forensic techniques through overwriting files or data on local and remote drives. Common operating system file deletion commands such as del and rm often only remove pointers to files without wiping the contents of the files t...")
- 15:16, 26 January 2023 Ali3nw3rx talk contribs created page Category:Execution (Created page with "The adversary is trying to run malicious code. Execution consists of techniques that result in adversary-controlled code running on a local or remote system. Techniques that run malicious code are often paired with techniques from all other tactics to achieve broader goals, like exploring a network or stealing data. For example, an adversary might use a remote access tool to run a PowerShell script that does Remote System Discovery.")
- 15:16, 26 January 2023 SourMilk talk contribs created page Account Access Removal (Created page with "Category:Impact Adversaries may interrupt availability of system and network resources by inhibiting access to accounts utilized by legitimate users. Accounts may be deleted, locked, or manipulated (ex: changed credentials) to remove access to accounts. Adversaries may also subsequently log off and/or perform a System Shutdown/Reboot to set malicious changes into place.")
- 15:14, 26 January 2023 SourMilk talk contribs created page Category:Impact (Created page with "The adversary is trying to manipulate, interrupt, or destroy your systems and data. Impact consists of techniques that adversaries use to disrupt availability or compromise integrity by manipulating business and operational processes. Techniques used for impact can include destroying or tampering with data. In some cases, business processes can look fine, but may have been altered to benefit the adversaries’ goals. These techniques might be used by adversaries to foll...")
- 13:38, 25 January 2023 SourMilk talk contribs created page Mimikatz (Created page with "Category:Tools") Tag: Visual edit
- 14:47, 22 January 2023 Ali3nw3rx talk contribs created page Template:Writeup (Created page with "==Box Info== <syntaxhighlight> * Box Name * Box IP * Date </syntaxhighlight> ==Enumeration== ===Credentials=== <syntaxhighlight> * Usernames * Passwords * Hashes * Notes </syntaxhighlight> ===NMAP=== ===LINWINPWN=== ===DIR SEARCH=== ==Exploits== ==Foot Hold== ==Privilege Escalation== ==Pivot/Lateral Movement==")
- 14:37, 22 January 2023 Ali3nw3rx talk contribs created page Writeup (Created page with "{{Writeup}}") Tag: Visual edit: Switched
- 13:49, 22 January 2023 Ali3nw3rx talk contribs created page Compromise Infrastructure (Created page with "Adversaries may compromise third-party infrastructure that can be used during targeting. Infrastructure solutions include physical or cloud servers, domains, and third-party web and DNS services. Instead of buying, leasing, or renting infrastructure an adversary may compromise infrastructure and use it during other phases of the adversary lifecycle.[1][2][3][4] Additionally, adversaries may compromise numerous machines to form a botnet they can leverage. Use of compromi...")
- 13:42, 22 January 2023 Ali3nw3rx talk contribs created page Email Accounts (Created page with "Adversaries may compromise email accounts that can be used during targeting. Adversaries can use compromised email accounts to further their operations, such as leveraging them to conduct Phishing for Information or Phishing. Utilizing an existing persona with a compromised email account may engender a level of trust in a potential victim if they have a relationship, or knowledge of, the compromised persona. Compromised email accounts can also be used in the acquisition...")
- 13:41, 22 January 2023 Ali3nw3rx talk contribs created page Social Media Accounts (Created page with "Adversaries may compromise social media accounts that can be used during targeting. For operations incorporating social engineering, the utilization of an online persona may be important. Rather than creating and cultivating social media profiles (i.e. Social Media Accounts), adversaries may compromise existing social media accounts. Utilizing an existing persona may engender a level of trust in a potential victim if they have a relationship, or knowledge of, the comprom...")
- 13:39, 22 January 2023 Ali3nw3rx talk contribs created page Category:Compromise Accounts (Created page with "Adversaries may compromise accounts with services that can be used during targeting. For operations incorporating social engineering, the utilization of an online persona may be important. Rather than creating and cultivating accounts (i.e. Establish Accounts), adversaries may compromise existing accounts. Utilizing an existing persona may engender a level of trust in a potential victim if they have a relationship, or knowledge of, the compromised persona. A variety of...") Tag: Visual edit: Switched
- 13:36, 22 January 2023 Ali3nw3rx talk contribs created page Serverless (Created page with "Adversaries may purchase and configure serverless cloud infrastructure, such as Cloudflare Workers or AWS Lambda functions, that can be used during targeting. By utilizing serverless infrastructure, adversaries can make it more difficult to attribute infrastructure used during operations back to them. Once acquired, the serverless runtime environment can be leveraged to either respond directly to infected machines or to Proxy traffic to an adversary-owned command and co...") Tag: Visual edit
- 13:35, 22 January 2023 Ali3nw3rx talk contribs created page Web Services (Created page with "Adversaries may register for web services that can be used during targeting. A variety of popular websites exist for adversaries to register for a web-based service that can be abused during later stages of the adversary lifecycle, such as during Command and Control (Web Service) or Exfiltration Over Web Service. Using common services, such as those offered by Google or Twitter, makes it easier for adversaries to hide in expected noise. By utilizing a web service, advers...") Tag: Visual edit
- 13:34, 22 January 2023 Ali3nw3rx talk contribs created page Botnet (Created page with "Adversaries may buy, lease, or rent a network of compromised systems that can be used during targeting. A botnet is a network of compromised systems that can be instructed to perform coordinated tasks.[1] Adversaries may purchase a subscription to use an existing botnet from a booter/stresser service. With a botnet at their disposal, adversaries may perform follow-on activity such as large-scale Phishing or Distributed Denial of Service (DDoS).[2][3][4][5] category:Ac...")
- 13:34, 22 January 2023 Ali3nw3rx talk contribs created page Server (Created page with "Adversaries may buy, lease, or rent physical servers that can be used during targeting. Use of servers allows an adversary to stage, launch, and execute an operation. During post-compromise activity, adversaries may utilize servers for various tasks, including for Command and Control. Instead of compromising a third-party Server or renting a Virtual Private Server, adversaries may opt to configure and run their own servers in support of operations. Adversaries may only...")
- 13:29, 22 January 2023 Ali3nw3rx talk contribs created page Recon (Redirected page to Category:Reconnaissance) Tag: New redirect
- 13:27, 22 January 2023 Ali3nw3rx talk contribs created page Virtual Private Server (Created page with "Adversaries may rent Virtual Private Servers (VPSs) that can be used during targeting. There exist a variety of cloud service providers that will sell virtual machines/containers as a service. By utilizing a VPS, adversaries can make it difficult to physically tie back operations to them. The use of cloud infrastructure can also make it easier for adversaries to rapidly provision, modify, and shut down their infrastructure. Acquiring a VPS for use in later stages of the...") Tag: Visual edit: Switched
- 13:27, 22 January 2023 Ali3nw3rx talk contribs created page DNS Server (Created page with "Adversaries may set up their own Domain Name System (DNS) servers that can be used during targeting. During post-compromise activity, adversaries may utilize DNS traffic for various tasks, including for Command and Control (ex: Application Layer Protocol). Instead of hijacking existing DNS servers, adversaries may opt to configure and run their own DNS servers in support of operations. By running their own DNS servers, adversaries can have more control over how they adm...") Tag: Visual edit
- 13:26, 22 January 2023 SourMilk talk contribs created page Hack the box (Created page with "REDIRECT ''Category:HackTheBox''") Tag: Visual edit
- 13:23, 22 January 2023 Ali3nw3rx talk contribs created page Domains (Created page with "Adversaries may acquire domains that can be used during targeting. Domain names are the human readable names used to represent one or more IP addresses. They can be purchased or, in some cases, acquired for free. Adversaries may use acquired domains for a variety of purposes, including for Phishing, Drive-by Compromise, and Command and Control.[1] Adversaries may choose domains that are similar to legitimate domains, including through use of homoglyphs or use of a diffe...")
- 13:22, 22 January 2023 Ali3nw3rx talk contribs created page Category:Acquire Infrastructure (Created page with "Adversaries may buy, lease, or rent infrastructure that can be used during targeting. A wide variety of infrastructure exists for hosting and orchestrating adversary operations. Infrastructure solutions include physical or cloud servers, domains, and third-party web services.[1] Additionally, botnets are available for rent or purchase. Use of these infrastructure solutions allows an adversary to stage, launch, and execute an operation. Solutions may help adversary opera...")
- 13:20, 22 January 2023 Ali3nw3rx talk contribs created page Category:Resource Development (Created page with "The adversary is trying to establish resources they can use to support operations. Resource Development consists of techniques that involve adversaries creating, purchasing, or compromising/stealing resources that can be used to support targeting. Such resources include infrastructure, accounts, or capabilities. These resources can be leveraged by the adversary to aid in other phases of the adversary lifecycle, such as using purchased domains to support Command and Cont...") Tag: Visual edit
- 13:12, 22 January 2023 Ali3nw3rx talk contribs deleted page Reconnaissance (content was: "Category:Reconnaissance test page __NEWSECTIONLINK__", and the only contributor was "Ali3nw3rx" (talk))
- 12:56, 22 January 2023 Ali3nw3rx talk contribs created page File:Gaming-logo-generator-with-a-masked-shooter-character-2734l-2927.png
- 12:56, 22 January 2023 Ali3nw3rx talk contribs uploaded File:Gaming-logo-generator-with-a-masked-shooter-character-2734l-2927.png
- 12:44, 22 January 2023 Ali3nw3rx talk contribs created page File:Logo-template-featuring-gaming-weapons-3019 (1).png
- 12:44, 22 January 2023 Ali3nw3rx talk contribs uploaded File:Logo-template-featuring-gaming-weapons-3019 (1).png
- 12:43, 22 January 2023 Ali3nw3rx talk contribs created page File:Gaming-logo-maker-featuring-robotic-animal-graphics-1028-el1 (2).png
- 12:43, 22 January 2023 Ali3nw3rx talk contribs uploaded File:Gaming-logo-maker-featuring-robotic-animal-graphics-1028-el1 (2).png
- 12:31, 22 January 2023 Ali3nw3rx talk contribs created page Reconnaissance (Created page with "Category:Reconnaissance test page __NEWSECTIONLINK__") Tag: Visual edit
- 10:36, 22 January 2023 SourMilk talk contribs created page Investigation (Created page with "[Category:Medium] ==Enumeration== ===Nmap=== <syntaxhighlight lang="bash"> Starting Nmap 7.93 ( https://nmap.org ) at 2023-01-22 08:16 MST Nmap scan report for 10.129.10.145 Host is up (0.12s latency). Not shown: 998 closed tcp ports (conn-refused) PORT STATE SERVICE VERSION 22/tcp open ssh OpenSSH 8.2p1 Ubuntu 4ubuntu0.5 (Ubuntu Linux; protocol 2.0) | ssh-hostkey: | 3072 2f1e6306aa6ebbcc0d19d4152674c6d9 (RSA) | 256 274520add2faa73a8373d97c79abf30b (ECDSA) |_...") Tag: Visual edit: Switched
- 02:34, 22 January 2023 Ali3nw3rx talk contribs created page CrackMapExec (Created page with "CrackMapExec Page Coming Soon....") Tag: Visual edit
- 18:26, 21 January 2023 Ali3nw3rx talk contribs created page Category:Search Victim-Owned Websites (Created page with "Adversaries may search websites owned by the victim for information that can be used during targeting. Victim-owned websites may contain a variety of details, including names of departments/divisions, physical locations, and data about key employees such as names, roles, and contact info (ex: Email Addresses). These sites may also have details highlighting business operations and relationships.[1] Adversaries may search victim-owned websites to gather actionable informa...")
- 18:25, 21 January 2023 Ali3nw3rx talk contribs deleted page Categroy: Search Victim-Owned Websites (content was: "Adversaries may search websites owned by the victim for information that can be used during targeting. Victim-owned websites may contain a variety of details, including names of departments/divisions, physical locations, and data about key employees such as names, roles, and contact info (ex: Email Addresses). These sites may also have details highlighting business opera...", and the only contributor was "Ali3nw3rx" (talk))
- 18:22, 21 January 2023 Ali3nw3rx talk contribs created page Categroy: Search Victim-Owned Websites (Created page with "Adversaries may search websites owned by the victim for information that can be used during targeting. Victim-owned websites may contain a variety of details, including names of departments/divisions, physical locations, and data about key employees such as names, roles, and contact info (ex: Email Addresses). These sites may also have details highlighting business operations and relationships.[1] Adversaries may search victim-owned websites to gather actionable informa...")
- 18:21, 21 January 2023 Ali3nw3rx talk contribs created page Code Repositories (Created page with "Adversaries may search public code repositories for information about victims that can be used during targeting. Victims may store code in repositories on various third-party websites such as GitHub, GitLab, SourceForge, and BitBucket. Users typically interact with code repositories through a web application or command-line utilities such as git. Adversaries may search various public code repositories for various information about a victim. Public code repositories can...")
- 18:20, 21 January 2023 Ali3nw3rx talk contribs created page Search Engines (Created page with "Adversaries may use search engines to collect information about victims that can be used during targeting. Search engine services typical crawl online sites to index context and may provide users with specialized syntax to search for specific keywords or specific types of content (i.e. filetypes).[1][2] Adversaries may craft various search engine queries depending on what information they seek to gather. Threat actors may use search engines to harvest general informatio...")
- 18:18, 21 January 2023 Ali3nw3rx talk contribs created page Social Media (Created page with "Adversaries may search social media for information about victims that can be used during targeting. Social media sites may contain various information about a victim organization, such as business announcements as well as information about the roles, locations, and interests of staff. Adversaries may search in different social media sites depending on what information they seek to gather. Threat actors may passively harvest data from these sites, as well as use informa...")
- 18:17, 21 January 2023 Ali3nw3rx talk contribs created page Category:Search Open Websites/Domains (Created page with "Adversaries may search freely available websites and/or domains for information about victims that can be used during targeting. Information about victims may be available in various online sites, such as social media, new sites, or those hosting information about business operations such as hiring or requested/rewarded contracts.[1][2][3] Adversaries may search in different online sites depending on what information they seek to gather. Information from these sources m...")
- 18:14, 21 January 2023 Ali3nw3rx talk contribs created page Scan Databases (Created page with "Adversaries may search within public scan databases for information about victims that can be used during targeting. Various online services continuously publish the results of Internet scans/surveys, often harvesting information such as active IP addresses, hostnames, open ports, certificates, and even server banners.[1] Adversaries may search scan databases to gather actionable information. Threat actors can use online resources and lookup tools to harvest information...")
- 18:13, 21 January 2023 Ali3nw3rx talk contribs created page CDNs (Created page with "Adversaries may search content delivery network (CDN) data about victims that can be used during targeting. CDNs allow an organization to host content from a distributed, load balanced array of servers. CDNs may also allow organizations to customize content delivery based on the requestor’s geographical region. Adversaries may search CDN data to gather actionable information. Threat actors can use online resources and lookup tools to harvest information about content...") Tag: Visual edit: Switched
- 18:13, 21 January 2023 Ali3nw3rx talk contribs created page Digital Certificates (Created page with "Adversaries may search public digital certificate data for information about victims that can be used during targeting. Digital certificates are issued by a certificate authority (CA) in order to cryptographically verify the origin of signed content. These certificates, such as those used for encrypted web traffic (HTTPS SSL/TLS communications), contain information about the registered organization such as name and location. Adversaries may search digital certificate da...") Tag: Visual edit
- 18:12, 21 January 2023 Ali3nw3rx talk contribs created page WHOIS (Created page with "Adversaries may search public WHOIS data for information about victims that can be used during targeting. WHOIS data is stored by regional Internet registries (RIR) responsible for allocating and assigning Internet resources such as domain names. Anyone can query WHOIS servers for information about a registered domain, such as assigned IP blocks, contact information, and DNS nameservers.[1] Adversaries may search WHOIS data to gather actionable information. Threat actor...") Tag: Visual edit: Switched
- 18:11, 21 January 2023 Ali3nw3rx talk contribs created page DNS/Passive DNS (Created page with "Adversaries may search DNS data for information about victims that can be used during targeting. DNS information may include a variety of details, including registered name servers as well as records that outline addressing for a target’s subdomains, mail servers, and other hosts. Adversaries may search DNS data to gather actionable information. Threat actors can query nameservers for a target organization directly, or search through centralized repositories of logged...") Tag: Visual edit
- 18:10, 21 January 2023 Ali3nw3rx talk contribs created page Category:Search Open Technical Databases (Created page with "Adversaries may search freely available technical databases for information about victims that can be used during targeting. Information about victims may be available in online databases and repositories, such as registrations of domains/certificates as well as public collections of network data/artifacts gathered from traffic and/or scans.[1][2][3][4][5][6][7] Adversaries may search in different open databases depending on what information they seek to gather. Informa...") Tag: Visual edit
- 18:09, 21 January 2023 Ali3nw3rx talk contribs created page Purchase Technical Data (Created page with "Adversaries may purchase technical information about victims that can be used during targeting. Information about victims may be available for purchase within reputable private sources and databases, such as paid subscriptions to feeds of scan databases or other data aggregation services. Adversaries may also purchase information from less-reputable sources such as dark web or cybercrime blackmarkets. Adversaries may purchase information about their already identified t...") Tag: Visual edit
- 18:08, 21 January 2023 Ali3nw3rx talk contribs created page Threat Intel Vendors (Created page with "Adversaries may search private data from threat intelligence vendors for information that can be used during targeting. Threat intelligence vendors may offer paid feeds or portals that offer more data than what is publicly reported. Although sensitive details (such as customer names and other identifiers) may be redacted, this information may contain trends regarding breaches such as target industries, attribution claims, and successful TTPs/countermeasures.[1] Adversar...") Tag: Visual edit
- 13:59, 21 January 2023 Fr0M4str talk contribs created page SMB (nothing) Tag: Visual edit
- 10:05, 21 January 2023 SourMilk talk contribs deleted page Active Scanning (content was: "This is a test Active Scanning:Reconnaissance", and the only contributor was "Ali3nw3rx" (talk))