Combined display of all available logs of RCATs.
- 01:16, 21 January 2023 Ali3nw3rx talk contribs uploaded File:Spearphish.png
- 01:16, 21 January 2023 Ali3nw3rx talk contribs created page File:Spearphish.png
- 01:11, 21 January 2023 Ali3nw3rx talk contribs created page Category:Search Closed Sources (Created page with "Adversaries may gather information about victims from private, closed sources that can be used to identify potential targets. This information may be available for purchase from reputable sources such as paid subscriptions to feeds of technical/threat intelligence data, or from less reputable sources such as dark web or cybercrime black markets. They may search different closed databases depending on the information they are trying to gather. This information may reveal...") Tag: Visual edit
- 01:03, 21 January 2023 Ali3nw3rx talk contribs created page Spearphishing Service (Created page with "Attackers may use spearphishing tactics to trick individuals into revealing sensitive information that can be used to identify potential targets. This type of spearphishing, known as "spearphishing for information" is different from traditional spearphishing where the goal is to execute malicious code. This type of spearphishing is targeted at a specific individual, company or industry, and messages are sent through various social media services, personal webmail, and ot...") Tag: Visual edit
- 01:02, 21 January 2023 Ali3nw3rx talk contribs created page Category:Phishing for Information (Created page with "Attackers may use phishing tactics to trick individuals into revealing sensitive information that can be used to identify potential targets. This type of phishing, known as "phishing for information," is different from traditional phishing where the goal is to execute malicious code. Phishing for information can take the form of targeted spearphishing, where specific individuals, companies or industries are targeted, or non-targeted phishing, such as in mass credential h...") Tag: Visual edit
- 01:00, 21 January 2023 Ali3nw3rx talk contribs created page Identify Roles (Created page with "Attackers may collect information about identities and roles within the victim organization that can be used to identify potential targets. This information may include details about key personnel and the data and resources they have access to. They may collect this information through various methods such as directly requesting it through phishing emails, or by finding it on publicly available sources such as social media or the victim's website. The information gathere...") Tag: Visual edit
- 00:59, 21 January 2023 Ali3nw3rx talk contribs created page Identify Business Tempo (Created page with "Attackers may collect information about the victim organization's business tempo that can be used to identify potential targets. This information may include details about the organization's operational hours and days of the week, as well as times and dates of purchases and shipments of hardware and software resources. They may collect this information through various methods such as directly requesting it through phishing emails, or by finding it on publicly available s...") Tag: Visual edit
- 00:57, 21 January 2023 Ali3nw3rx talk contribs created page Business Relationships (Created page with "Attackers may collect information about the victim organization's business relationships that can be used to identify potential targets. This information may include details about second and third-party organizations or domains that have access to the network, and supply chains or shipment paths for the victim's hardware and software resources. They may collect this information through various methods such as directly requesting it through phishing emails, or by finding...") Tag: Visual edit
- 00:56, 21 January 2023 Ali3nw3rx talk contribs created page Determine Physical Locations (Created page with "Attackers may collect information about the physical locations of the victim organization that can be used to identify potential targets. This information can include details about where key resources and infrastructure are located and what legal jurisdiction the organization operates within. They may collect this information through various methods such as directly requesting it through phishing emails, or by finding it on publicly available sources such as the victim's...") Tag: Visual edit
- 00:55, 21 January 2023 Ali3nw3rx talk contribs created page Category:Victim Org Information (Created page with "Attackers may collect information about the victim organization that can be used to identify potential targets. This information can include details about different divisions/departments, business operations, and key employees' roles and responsibilities. They may collect this information through various methods such as directly requesting it via phishing emails. The information may also be obtained from publicly available sources such as social media or the victim's web...") Tag: Visual edit
- 00:43, 21 January 2023 Ali3nw3rx talk contribs created page Network Security Appliances (Created page with "Adversaries may gather information about the victim's network security appliances that can be used during targeting. Information about network security appliances may include a variety of details, such as the existence and specifics of deployed firewalls, content filters, and proxies/bastion hosts. Adversaries may also target information about victim network-based intrusion detection systems (NIDS) or other appliances related to defensive cybersecurity operations. Adver...") Tag: Visual edit: Switched
- 00:42, 21 January 2023 Ali3nw3rx talk contribs created page IP Addresses (Created page with "Adversaries may gather the victim's IP addresses that can be used during targeting. Public IP addresses may be allocated to organizations by block, or a range of sequential addresses. Information about assigned IP addresses may include a variety of details, such as which IP addresses are in use. IP addresses may also enable an adversary to derive other details about a victim, such as organizational size, physical location(s), Internet service provider, and/or where/how t...") Tag: Visual edit
- 00:38, 21 January 2023 Ali3nw3rx talk contribs created page Network Topology (Created page with "Adversaries may gather information about the victim's network topology that can be used during targeting. Information about network topologies may include a variety of details, including the physical and/or logical arrangement of both external-facing and internal network environments. This information may also include specifics regarding network devices (gateways, routers, etc.) and other infrastructure. Adversaries may gather this information in various ways, such as d...") Tag: Visual edit
- 00:37, 21 January 2023 Ali3nw3rx talk contribs created page Network Trust Dependencies (Created page with "Adversaries may gather information about the victim's network trust dependencies that can be used during targeting. Information about network trusts may include a variety of details, including second or third-party organizations/domains (ex: managed service providers, contractors, etc.) that have connected (and potentially elevated) network access. Adversaries may gather this information in various ways, such as direct elicitation via Phishing for Information. Informati...") Tag: Visual edit
- 00:36, 21 January 2023 Ali3nw3rx talk contribs created page DNS (Created page with "Adversaries may gather information about the victim's DNS that can be used during targeting. DNS information may include a variety of details, including registered name servers as well as records that outline addressing for a target’s subdomains, mail servers, and other hosts. DNS, MX, TXT, and SPF records may also reveal the use of third party cloud and SaaS providers, such as Office 365, G Suite, Salesforce, or Zendesk.[1] Adversaries may gather this information in...") Tag: Visual edit
- 00:34, 21 January 2023 Ali3nw3rx talk contribs created page Domain Properties (Created page with "Adversaries may gather information about the victim's network domain(s) that can be used during targeting. Information about domains and their properties may include a variety of details, including what domain(s) the victim owns as well as administrative data (ex: name, registrar, etc.) and more directly actionable information such as contacts (email addresses and phone numbers), business addresses, and name servers. Adversaries may gather this information in various wa...") Tag: Visual edit
- 00:33, 21 January 2023 SourMilk talk contribs deleted page Active Scanning:Reconnaissance (content was: "", and the only contributor was "Ali3nw3rx" (talk))
- 00:29, 21 January 2023 Ali3nw3rx talk contribs created page Category:Victim Network Information (Created page with "Adversaries may gather information about the victim's networks that can be used during targeting. Information about networks may include a variety of details, including administrative data (ex: IP ranges, domain names, etc.) as well as specifics regarding its topology and operations. Adversaries may gather this information in various ways, such as direct collection actions via Active Scanning or Phishing for Information. Information about networks may also be exposed to...") Tag: Visual edit
- 00:26, 21 January 2023 Ali3nw3rx talk contribs deleted page WIndows Credentials (content was: "This is a place holder category:credentials", and the only contributor was "Ali3nw3rx" (talk))
- 00:24, 21 January 2023 Ali3nw3rx talk contribs created page WIndows Credentials (Created page with "This is a place holder category:credentials") Tag: Visual edit
- 00:23, 21 January 2023 Ali3nw3rx talk contribs created page Employee Names (Created page with "Adversaries may gather employee names that can be used during targeting. Employee names may be used to derive email addresses as well as to help guide other reconnaissance efforts and/or craft more-believable lures. Adversaries may easily gather employee names, since they may be readily available and exposed via online or other accessible data sets (ex: Social Media or Search Victim-Owned Websites).[1] Gathering this information may reveal opportunities for other forms of r...") Tag: Visual edit
- 00:22, 21 January 2023 Ali3nw3rx talk contribs created page Email Addresses (Created page with "Adversaries may gather email addresses that can be used during targeting. Even if internal instances exist, organizations may have public-facing email infrastructure and addresses for employees. Adversaries may easily gather email addresses, since they may be readily available and exposed via online or other accessible data sets (ex: Social Media or Search Victim-Owned Websites).[1][2] Email addresses could also be enumerated via more active means (i.e. Active Scanning)...") Tag: Visual edit
- 00:21, 21 January 2023 SourMilk talk contribs created page Cloud Accounts (Created page with "Category:Valid Accounts")
- 00:20, 21 January 2023 Ali3nw3rx talk contribs created page Credentials (Created page with "Adversaries may gather credentials that can be used during targeting. Account credentials gathered by adversaries may be those directly associated with the target victim organization or attempt to take advantage of the tendency for users to use the same passwords across personal and business accounts. Adversaries may gather credentials from potential victims in various ways, such as direct elicitation via Phishing for Information. Adversaries may also compromise sites t...") Tag: Visual edit
- 00:20, 21 January 2023 SourMilk talk contribs created page Local Accounts (Created page with "Category:Valid Accounts")
- 00:20, 21 January 2023 SourMilk talk contribs created page Domain Accounts (Created page with "Category:Valid Accounts") Tag: Visual edit: Switched
- 00:19, 21 January 2023 SourMilk talk contribs created page Default Accounts (Created page with "Category:Valid Accounts") Tag: Visual edit
- 00:19, 21 January 2023 Ali3nw3rx talk contribs created page Category:Victim Identity Information (Created page with "Adversaries may gather information about the victim's identity that can be used during targeting. Information about identities may include a variety of details, including personal data (ex: employee names, email addresses, etc.) as well as sensitive details such as credentials. Adversaries may gather this information in various ways, such as direct elicitation via Phishing for Information. Information about users could also be enumerated via other active means (i.e. Act...") Tag: Visual edit
- 00:19, 21 January 2023 SourMilk talk contribs created page Category:Valid Accounts (Created page with "Category:Initial Access") Tag: Visual edit: Switched
- 00:18, 21 January 2023 SourMilk talk contribs deleted page Valid Accounts (content was: "Category:Initial Access", and the only contributor was "SourMilk" (talk))
- 00:18, 21 January 2023 SourMilk talk contribs created page Valid Accounts (Created page with "Category:Initial Access")
- 00:18, 21 January 2023 SourMilk talk contribs created page Trusted Relationship (Created page with "Category:Initial Access")
- 00:17, 21 January 2023 SourMilk talk contribs created page Compromise Hardware Supply Chain (Created page with "Category:Supply Chain Compromise")
- 00:17, 21 January 2023 SourMilk talk contribs created page Compromise Software Supply Chain (Created page with "Category:Supply Chain Compromise")
- 00:17, 21 January 2023 SourMilk talk contribs created page Compromise Software Dependencies and Development Tools (Created page with "Category:Supply Chain Compromise")
- 00:17, 21 January 2023 SourMilk talk contribs created page Category:Supply Chain Compromise (Created page with "Category:Initial Access") Tag: Visual edit: Switched
- 00:16, 21 January 2023 Ali3nw3rx talk contribs created page Client Configurations (Created page with "Adversaries may gather information about the victim's client configurations that can be used during targeting. Information about client configurations may include a variety of details and settings, including operating system/version, virtualization, architecture (ex: 32 or 64 bit), language, and/or time zone. Adversaries may gather this information in various ways, such as direct collection actions via Active Scanning (ex: listening ports, server banners, user agent str...") Tag: Visual edit
- 00:16, 21 January 2023 SourMilk talk contribs deleted page Supply Chain Compromise (content was: "Category:Initial Access", and the only contributor was "SourMilk" (talk))
- 00:16, 21 January 2023 SourMilk talk contribs created page Supply Chain Compromise (Created page with "Category:Initial Access")
- 00:15, 21 January 2023 Ali3nw3rx talk contribs created page Firmware (Created page with "Adversaries may gather information about the victim's host firmware that can be used during targeting. Information about host firmware may include a variety of details such as type and versions on specific hosts, which may be used to infer more information about hosts in the environment (ex: configuration, purpose, age/patch level, etc.). Adversaries may gather this information in various ways, such as direct elicitation via Phishing for Information. Information about h...") Tag: Visual edit
- 00:15, 21 January 2023 SourMilk talk contribs created page Replication Through Removable Media (Created page with "Category:Initial Access")
- 00:15, 21 January 2023 SourMilk talk contribs created page Spearphishing via Service (Created page with "Category:Phishing")
- 00:15, 21 January 2023 SourMilk talk contribs created page Spearphishing Link (Created page with "Category:Phishing") Tag: Visual edit: Switched
- 00:15, 21 January 2023 Ali3nw3rx talk contribs created page Software (Created page with "Adversaries may gather information about the victim's host software that can be used during targeting. Information about installed software may include a variety of details such as types and versions on specific hosts, as well as the presence of additional components that might be indicative of added defensive protections (ex: antivirus, SIEMs, etc.). Adversaries may gather this information in various ways, such as direct collection actions via Active Scanning (ex: list...") Tag: Visual edit
- 00:14, 21 January 2023 SourMilk talk contribs created page Spearphishing Attachment (Created page with "Category:Phishing") Tag: Visual edit
- 00:14, 21 January 2023 SourMilk talk contribs created page Category:Phishing (Created page with "Category:Initial Access") Tag: Visual edit: Switched
- 00:13, 21 January 2023 SourMilk talk contribs created page Hardware Additions (Created page with "Category:Initial Access")
- 00:13, 21 January 2023 SourMilk talk contribs created page External Remote Services (Created page with "Category:Initial Access")
- 00:11, 21 January 2023 Ali3nw3rx talk contribs created page Hardware (Created page with "Adversaries may gather information about the victim's host hardware that can be used during targeting. Information about hardware infrastructure may include a variety of details such as types and versions on specific hosts, as well as the presence of additional components that might be indicative of added defensive protections (ex: card/biometric readers, dedicated encryption hardware, etc.). Adversaries may gather this information in various ways, such as direct collec...") Tag: Visual edit: Switched
- 00:10, 21 January 2023 SourMilk talk contribs created page Exploit Public-Facing Application (Created page with "{{Infobox Creating Exploit Public-Facing Application | name = | image = | image_size = | caption = | alternate_name = | country = | region = | creator = | course = | type = | served = | main_ingredient = | variations = | calories = | other = }}")