Combined display of all available logs of RCATs.
- 00:37, 21 January 2023 Ali3nw3rx talk contribs created page Network Trust Dependencies (Created page with "Adversaries may gather information about the victim's network trust dependencies that can be used during targeting. Information about network trusts may include a variety of details, including second or third-party organizations/domains (ex: managed service providers, contractors, etc.) that have connected (and potentially elevated) network access. Adversaries may gather this information in various ways, such as direct elicitation via Phishing for Information. Informati...") Tag: Visual edit
- 00:36, 21 January 2023 Ali3nw3rx talk contribs created page DNS (Created page with "Adversaries may gather information about the victim's DNS that can be used during targeting. DNS information may include a variety of details, including registered name servers as well as records that outline addressing for a target’s subdomains, mail servers, and other hosts. DNS, MX, TXT, and SPF records may also reveal the use of third party cloud and SaaS providers, such as Office 365, G Suite, Salesforce, or Zendesk.[1] Adversaries may gather this information in...") Tag: Visual edit
- 00:34, 21 January 2023 Ali3nw3rx talk contribs created page Domain Properties (Created page with "Adversaries may gather information about the victim's network domain(s) that can be used during targeting. Information about domains and their properties may include a variety of details, including what domain(s) the victim owns as well as administrative data (ex: name, registrar, etc.) and more directly actionable information such as contacts (email addresses and phone numbers), business addresses, and name servers. Adversaries may gather this information in various wa...") Tag: Visual edit
- 00:29, 21 January 2023 Ali3nw3rx talk contribs created page Category:Victim Network Information (Created page with "Adversaries may gather information about the victim's networks that can be used during targeting. Information about networks may include a variety of details, including administrative data (ex: IP ranges, domain names, etc.) as well as specifics regarding its topology and operations. Adversaries may gather this information in various ways, such as direct collection actions via Active Scanning or Phishing for Information. Information about networks may also be exposed to...") Tag: Visual edit
- 00:26, 21 January 2023 Ali3nw3rx talk contribs deleted page WIndows Credentials (content was: "This is a place holder category:credentials", and the only contributor was "Ali3nw3rx" (talk))
- 00:24, 21 January 2023 Ali3nw3rx talk contribs created page WIndows Credentials (Created page with "This is a place holder category:credentials") Tag: Visual edit
- 00:23, 21 January 2023 Ali3nw3rx talk contribs created page Employee Names (Created page with "Adversaries may gather employee names that can be used during targeting. Employee names be used to derive email addresses as well as to help guide other reconnaissance efforts and/or craft more-believable lures. Adversaries may easily gather employee names, since they may be readily available and exposed via online or other accessible data sets (ex: Social Media or Search Victim-Owned Websites).[1] Gathering this information may reveal opportunities for other forms of r...") Tag: Visual edit
- 00:22, 21 January 2023 Ali3nw3rx talk contribs created page Email Addresses (Created page with "Adversaries may gather email addresses that can be used during targeting. Even if internal instances exist, organizations may have public-facing email infrastructure and addresses for employees. Adversaries may easily gather email addresses, since they may be readily available and exposed via online or other accessible data sets (ex: Social Media or Search Victim-Owned Websites).[1][2] Email addresses could also be enumerated via more active means (i.e. Active Scanning)...") Tag: Visual edit
- 00:20, 21 January 2023 Ali3nw3rx talk contribs created page Credentials (Created page with "Adversaries may gather credentials that can be used during targeting. Account credentials gathered by adversaries may be those directly associated with the target victim organization or attempt to take advantage of the tendency for users to use the same passwords across personal and business accounts. Adversaries may gather credentials from potential victims in various ways, such as direct elicitation via Phishing for Information. Adversaries may also compromise sites t...") Tag: Visual edit
- 00:19, 21 January 2023 Ali3nw3rx talk contribs created page Category:Victim Identity Information (Created page with "Adversaries may gather information about the victim's identity that can be used during targeting. Information about identities may include a variety of details, including personal data (ex: employee names, email addresses, etc.) as well as sensitive details such as credentials. Adversaries may gather this information in various ways, such as direct elicitation via Phishing for Information. Information about users could also be enumerated via other active means (i.e. Act...") Tag: Visual edit
- 00:16, 21 January 2023 Ali3nw3rx talk contribs created page Client Configurations (Created page with "Adversaries may gather information about the victim's client configurations that can be used during targeting. Information about client configurations may include a variety of details and settings, including operating system/version, virtualization, architecture (ex: 32 or 64 bit), language, and/or time zone. Adversaries may gather this information in various ways, such as direct collection actions via Active Scanning (ex: listening ports, server banners, user agent str...") Tag: Visual edit
- 00:15, 21 January 2023 Ali3nw3rx talk contribs created page Firmware (Created page with "Adversaries may gather information about the victim's host firmware that can be used during targeting. Information about host firmware may include a variety of details such as type and versions on specific hosts, which may be used to infer more information about hosts in the environment (ex: configuration, purpose, age/patch level, etc.). Adversaries may gather this information in various ways, such as direct elicitation via Phishing for Information. Information about h...") Tag: Visual edit
- 00:15, 21 January 2023 Ali3nw3rx talk contribs created page Software (Created page with "Adversaries may gather information about the victim's host software that can be used during targeting. Information about installed software may include a variety of details such as types and versions on specific hosts, as well as the presence of additional components that might be indicative of added defensive protections (ex: antivirus, SIEMs, etc.). Adversaries may gather this information in various ways, such as direct collection actions via Active Scanning (ex: list...") Tag: Visual edit
- 00:11, 21 January 2023 Ali3nw3rx talk contribs created page Hardware (Created page with "Adversaries may gather information about the victim's host hardware that can be used during targeting. Information about hardware infrastructure may include a variety of details such as types and versions on specific hosts, as well as the presence of additional components that might be indicative of added defensive protections (ex: card/biometric readers, dedicated encryption hardware, etc.). Adversaries may gather this information in various ways, such as direct collec...") Tag: Visual edit: Switched
- 00:09, 21 January 2023 Ali3nw3rx talk contribs created page Category:Victim Host Information (Created page with "Adversaries may gather information about the victim's hosts that can be used during targeting. Information about hosts may include a variety of details, including administrative data (ex: name, assigned IP, functionality, etc.) as well as specifics regarding its configuration (ex: operating system, language, etc.). Adversaries may gather this information in various ways, such as direct collection actions via Active Scanning or Phishing for Information. Adversaries may a...") Tag: Visual edit
- 00:07, 21 January 2023 Ali3nw3rx talk contribs created page Wordlist Scanning (Created page with "Adversaries may scan victims for vulnerabilities that can be used during targeting. Vulnerability scans typically check if the configuration of a target host/application (ex: software and version) potentially aligns with the target of a specific exploit the adversary may seek to use. These scans may also include more broad attempts to Gather Victim Host Information that can be used to identify more commonly known, exploitable vulnerabilities. Vulnerability scans typical...") Tag: Visual edit
- 00:05, 21 January 2023 Ali3nw3rx talk contribs created page Vulnerability Scanning (Created page with "Adversaries may scan victims for vulnerabilities that can be used during targeting. Vulnerability scans typically check if the configuration of a target host/application (ex: software and version) potentially aligns with the target of a specific exploit the adversary may seek to use. These scans may also include more broad attempts to Gather Victim Host Information that can be used to identify more commonly known, exploitable vulnerabilities. Vulnerability scans typical...") Tag: Visual edit
- 00:02, 21 January 2023 Ali3nw3rx talk contribs created page Scanning IP Blocks (Created page with "Category:Active Scanning Adversaries may scan victim IP blocks to gather information that can be used during targeting. Public IP addresses may be allocated to organizations by block, or a range of sequential addresses. Adversaries may scan IP blocks in order to Gather Victim Network Information, such as which IP addresses are actively in use as well as more detailed information about hosts assigned these addresses. Scans may range from simple pings (ICMP requests a...") Tag: Visual edit
- 23:58, 20 January 2023 Ali3nw3rx talk contribs created page Category:Active Scanning (Created page with "Category:Reconnaissance Adversaries may execute active reconnaissance scans to gather information that can be used during targeting. Active scans are those where the adversary probes victim infrastructure via network traffic, as opposed to other forms of reconnaissance that do not involve direct interaction. Adversaries may perform different forms of active scanning depending on what information they seek to gather. These scans can also be performed in various ways,...") Tag: Visual edit
- 23:56, 20 January 2023 Ali3nw3rx talk contribs created page Category:Reconnaissance (Created page with "The adversary is trying to gather information they can use to plan future operations. Reconnaissance consists of techniques that involve adversaries actively or passively gathering information that can be used to support targeting. Such information may include details of the victim organization, infrastructure, or staff/personnel. This information can be leveraged by the adversary to aid in other phases of the adversary lifecycle, such as using gathered information to p...") Tag: Visual edit
- 23:52, 20 January 2023 Ali3nw3rx talk contribs deleted page Category:Reconnaissance (content was: "", and the only contributor was "SourMilk" (talk))
- 23:51, 20 January 2023 Ali3nw3rx talk contribs deleted page Category:Reconnaissance:Active Scanning (content was: "", and the only contributor was "SourMilk" (talk))
- 23:51, 20 January 2023 Ali3nw3rx talk contribs deleted page Category:Reconnaissance: Active Scanning (content was: "", and the only contributor was "SourMilk" (talk))
- 23:51, 20 January 2023 Ali3nw3rx talk contribs created page Active Scanning:Reconnaissance (Created blank page)
- 23:49, 20 January 2023 Ali3nw3rx talk contribs created page Active Scanning (Created page with "This is a test Active Scanning") Tag: Visual edit
- 23:33, 20 January 2023 Ali3nw3rx talk contribs created page RCATs:Privacy policy (Created page with "We will never sell or use your personal data for evil! -RCATs")
- 23:25, 20 January 2023 Ali3nw3rx talk contribs created page RCATs:General disclaimer (Created page with "The information and materials provided on this website are for educational purposes only. We make no representations or warranties of any kind, express or implied, about the completeness, accuracy, reliability, suitability or availability with respect to the website or the information, products, services, or related graphics contained on the website for any purpose. Any reliance you place on such information is therefore strictly at your own risk. In no event will we be...")
- 23:25, 20 January 2023 Ali3nw3rx talk contribs created page RCATs:About (Created page with "The information and materials provided on this website are for educational purposes only. We make no representations or warranties of any kind, express or implied, about the completeness, accuracy, reliability, suitability or availability with respect to the website or the information, products, services, or related graphics contained on the website for any purpose. Any reliance you place on such information is therefore strictly at your own risk. In no event will we be...")
- 22:40, 20 January 2023 Ali3nw3rx talk contribs deleted page Talk:DCSYNC (content was: "This is a test discussion == Here is another test == this is another topic I guess?", and the only contributor was "Ali3nw3rx" (talk))
- 20:32, 20 January 2023 Ali3nw3rx talk contribs created page Talk:DCSYNC (Created page with "This is a test discussion")
- 20:20, 20 January 2023 Ali3nw3rx talk contribs created page Category:Active Directroy (Created blank page)
- 20:19, 20 January 2023 Ali3nw3rx talk contribs created page DCSYNC (Created page with "Category:Active Directroy = DCSync = == '''Add full-control rights''' == <pre>Add-ObjectAcl -TargetDistinguishedName ‘DC=dollarcorp,DC=moneycorp,DC=local’ -PrincipalSamAccountName <username> -Rights All -Verbose</pre> == '''Add rights for DCsync''' == <pre>Add-ObjectAcl -TargetDistinguishedName ‘DC=dollarcorp,DC=moneycorp,Dc=local’ -PrincipalSamAccountName <username> -Rights DCSync -Verbose</pre> == '''Execute DCSync and dump krbtgt''' == <pr...")
- 17:04, 20 January 2023 Ali3nw3rx talk contribs created page Category:PowerShell (Created blank page)
- 17:03, 20 January 2023 Ali3nw3rx talk contribs created page Powershell Remoting (Created page with "Category:PowerShell <span id="powershell-remoting"></span> = PowerShell Remoting = <span id="powershell-remoting-1"></span> == '''Powershell Remoting''' == <pre>. ./Set-RemotePSRemoting.ps1</pre> <span id="on-a-local-machine"></span> == '''On a local machine''' == <pre>Set-RemotePSRemoting -Username <username> -Verbose</pre> <span id="on-a-remote-machine-without-credentials"></span> == '''On a remote machine without credentials''' == <pre>Set-RemotePSRemot...") Tag: Visual edit: Switched
- 16:57, 20 January 2023 Ali3nw3rx talk contribs deleted page Category:Command (content was: "", and the only contributor was "Ali3nw3rx" (talk))
- 16:54, 20 January 2023 Ali3nw3rx talk contribs created page Category:Command (Created blank page) Tag: Visual edit
- 16:47, 20 January 2023 Ali3nw3rx talk contribs created page Category:C2 (Created blank page) Tag: Visual edit
- 16:43, 20 January 2023 Ali3nw3rx talk contribs created page Cobalt Strike (Created page with "<nowiki>Category:Command&Control</nowiki> Cobalt Strike Cheat Sheet ==Listeners== ====Egress Listeners==== *'''HTTP/HTTPS:''' The most basic payloads for beacon, by default the listeners will listen on ports 80 and 443 with always the option to set custom ports. You have the options to set proxy settings, customize the HTTP header or specify a bind port to redirect beacon’s traffic if the infrastructure uses redirector servers for the payload callbacks. *'''DNS:''...") Tag: Visual edit: Switched
- 16:29, 20 January 2023 Ali3nw3rx talk contribs protected RCATs [Edit=Allow only administrators] (indefinite) [Move=Allow only administrators] (indefinite) (hist)
- 16:28, 20 January 2023 Ali3nw3rx talk contribs uploaded File:Logo.png
- 16:28, 20 January 2023 Ali3nw3rx talk contribs created page File:Logo.png
- 16:24, 20 January 2023 Ali3nw3rx talk contribs changed group membership for SourMilk from (none) to administrator, interface administrator, bureaucrat and suppressor (Co-Founder)
- 16:04, 20 January 2023 Ali3nw3rx talk contribs uploaded File:RCATs.png
- 16:04, 20 January 2023 Ali3nw3rx talk contribs created page File:RCATs.png
- 15:57, 20 January 2023 Ali3nw3rx talk contribs deleted page RCATs (Deleted to make way for move from "Main Page")
- 15:57, 20 January 2023 Ali3nw3rx talk contribs moved page Main Page to RCATs
- 15:56, 20 January 2023 Ali3nw3rx talk contribs created page RCATs (Created page with "RCATs Home Page")
- 15:50, 20 January 2023 Ali3nw3rx talk contribs created page Flight (Created page with "Category:HackTheBox Start with a nmap scan running default scripts and version check. <syntaxhighlight lang="bash">┌──[HQ🚀10.0.2.15|10.10.16.9⚔️sourmilk] └──╼[👾]~ $ nmap -sCV 10.129.228.120 -oA nmap/flight Starting Nmap 7.93 ( https://nmap.org ) at 2022-12-05 21:16 MST Nmap scan report for 10.129.228.120 Host is up (0.12s latency). Not shown: 988 filtered tcp ports (no-response) PORT STATE SERVICE VERSION 53/tcp open domain...")
- 15:49, 20 January 2023 Ali3nw3rx talk contribs created page Category:HackTheBox (Created blank page)
- 15:34, 20 January 2023 Ali3nw3rx talk contribs created page Active directory (Created page with "This is a test page")