Combined display of all available logs of RCATs. You can narrow down the view by selecting a log type, the username (case-sensitive), or the affected page (also case-sensitive).
- 18:17, 21 January 2023 Ali3nw3rx talk contribs created page Category:Search Open Websites/Domains (Created page with "Adversaries may search freely available websites and/or domains for information about victims that can be used during targeting. Information about victims may be available in various online sites, such as social media, new sites, or those hosting information about business operations such as hiring or requested/rewarded contracts.[1][2][3] Adversaries may search in different online sites depending on what information they seek to gather. Information from these sources m...")
- 18:14, 21 January 2023 Ali3nw3rx talk contribs created page Scan Databases (Created page with "Adversaries may search within public scan databases for information about victims that can be used during targeting. Various online services continuously publish the results of Internet scans/surveys, often harvesting information such as active IP addresses, hostnames, open ports, certificates, and even server banners.[1] Adversaries may search scan databases to gather actionable information. Threat actors can use online resources and lookup tools to harvest information...")
- 18:13, 21 January 2023 Ali3nw3rx talk contribs created page CDNs (Created page with "Adversaries may search content delivery network (CDN) data about victims that can be used during targeting. CDNs allow an organization to host content from a distributed, load balanced array of servers. CDNs may also allow organizations to customize content delivery based on the requestor’s geographical region. Adversaries may search CDN data to gather actionable information. Threat actors can use online resources and lookup tools to harvest information about content...") Tag: Visual edit: Switched
- 18:13, 21 January 2023 Ali3nw3rx talk contribs created page Digital Certificates (Created page with "Adversaries may search public digital certificate data for information about victims that can be used during targeting. Digital certificates are issued by a certificate authority (CA) in order to cryptographically verify the origin of signed content. These certificates, such as those used for encrypted web traffic (HTTPS SSL/TLS communications), contain information about the registered organization such as name and location. Adversaries may search digital certificate da...") Tag: Visual edit
- 18:12, 21 January 2023 Ali3nw3rx talk contribs created page WHOIS (Created page with "Adversaries may search public WHOIS data for information about victims that can be used during targeting. WHOIS data is stored by regional Internet registries (RIR) responsible for allocating and assigning Internet resources such as domain names. Anyone can query WHOIS servers for information about a registered domain, such as assigned IP blocks, contact information, and DNS nameservers.[1] Adversaries may search WHOIS data to gather actionable information. Threat actor...") Tag: Visual edit: Switched
- 18:11, 21 January 2023 Ali3nw3rx talk contribs created page DNS/Passive DNS (Created page with "Adversaries may search DNS data for information about victims that can be used during targeting. DNS information may include a variety of details, including registered name servers as well as records that outline addressing for a target’s subdomains, mail servers, and other hosts. Adversaries may search DNS data to gather actionable information. Threat actors can query nameservers for a target organization directly, or search through centralized repositories of logged...") Tag: Visual edit
- 18:10, 21 January 2023 Ali3nw3rx talk contribs created page Category:Search Open Technical Databases (Created page with "Adversaries may search freely available technical databases for information about victims that can be used during targeting. Information about victims may be available in online databases and repositories, such as registrations of domains/certificates as well as public collections of network data/artifacts gathered from traffic and/or scans.[1][2][3][4][5][6][7] Adversaries may search in different open databases depending on what information they seek to gather. Informa...") Tag: Visual edit
- 18:09, 21 January 2023 Ali3nw3rx talk contribs created page Purchase Technical Data (Created page with "Adversaries may purchase technical information about victims that can be used during targeting. Information about victims may be available for purchase within reputable private sources and databases, such as paid subscriptions to feeds of scan databases or other data aggregation services. Adversaries may also purchase information from less-reputable sources such as dark web or cybercrime blackmarkets. Adversaries may purchase information about their already identified t...") Tag: Visual edit
- 18:08, 21 January 2023 Ali3nw3rx talk contribs created page Threat Intel Vendors (Created page with "Adversaries may search private data from threat intelligence vendors for information that can be used during targeting. Threat intelligence vendors may offer paid feeds or portals that offer more data than what is publicly reported. Although sensitive details (such as customer names and other identifiers) may be redacted, this information may contain trends regarding breaches such as target industries, attribution claims, and successful TTPs/countermeasures.[1] Adversar...") Tag: Visual edit
- 01:16, 21 January 2023 Ali3nw3rx talk contribs uploaded File:Spearphish.png
- 01:16, 21 January 2023 Ali3nw3rx talk contribs created page File:Spearphish.png
- 01:11, 21 January 2023 Ali3nw3rx talk contribs created page Category:Search Closed Sources (Created page with "Adversaries may gather information about victims from private, closed sources that can be used to identify potential targets. This information may be available for purchase from reputable sources such as paid subscriptions to feeds of technical/threat intelligence data, or from less reputable sources such as dark web or cybercrime black markets. They may search different closed databases depending on the information they are trying to gather. This information may reveal...") Tag: Visual edit
- 01:03, 21 January 2023 Ali3nw3rx talk contribs created page Spearphishing Service (Created page with "Attackers may use spearphishing tactics to trick individuals into revealing sensitive information that can be used to identify potential targets. This type of spearphishing, known as "spearphishing for information" is different from traditional spearphishing where the goal is to execute malicious code. This type of spearphishing is targeted at a specific individual, company or industry, and messages are sent through various social media services, personal webmail, and ot...") Tag: Visual edit
- 01:02, 21 January 2023 Ali3nw3rx talk contribs created page Category:Phishing for Information (Created page with "Attackers may use phishing tactics to trick individuals into revealing sensitive information that can be used to identify potential targets. This type of phishing, known as "phishing for information," is different from traditional phishing where the goal is to execute malicious code. Phishing for information can take the form of targeted spearphishing, where specific individuals, companies or industries are targeted, or non-targeted phishing, such as in mass credential h...") Tag: Visual edit
- 01:00, 21 January 2023 Ali3nw3rx talk contribs created page Identify Roles (Created page with "Attackers may collect information about identities and roles within the victim organization that can be used to identify potential targets. This information may include details about key personnel and the data and resources they have access to. They may collect this information through various methods such as directly requesting it through phishing emails, or by finding it on publicly available sources such as social media or the victim's website. The information gathere...") Tag: Visual edit
- 00:59, 21 January 2023 Ali3nw3rx talk contribs created page Identify Business Tempo (Created page with "Attackers may collect information about the victim organization's business tempo that can be used to identify potential targets. This information may include details about the organization's operational hours and days of the week, as well as times and dates of purchases and shipments of hardware and software resources. They may collect this information through various methods such as directly requesting it through phishing emails, or by finding it on publicly available s...") Tag: Visual edit
- 00:57, 21 January 2023 Ali3nw3rx talk contribs created page Business Relationships (Created page with "Attackers may collect information about the victim organization's business relationships that can be used to identify potential targets. This information may include details about second and third-party organizations or domains that have access to the network, and supply chains or shipment paths for the victim's hardware and software resources. They may collect this information through various methods such as directly requesting it through phishing emails, or by finding...") Tag: Visual edit
- 00:56, 21 January 2023 Ali3nw3rx talk contribs created page Determine Physical Locations (Created page with "Attackers may collect information about the physical locations of the victim organization that can be used to identify potential targets. This information can include details about where key resources and infrastructure are located and what legal jurisdiction the organization operates within. They may collect this information through various methods such as directly requesting it through phishing emails, or by finding it on publicly available sources such as the victim's...") Tag: Visual edit
- 00:55, 21 January 2023 Ali3nw3rx talk contribs created page Category:Victim Org Information (Created page with "Attackers may collect information about the victim organization that can be used to identify potential targets. This information can include details about different divisions/departments, business operations, and key employees' roles and responsibilities. They may collect this information through various methods such as directly requesting it via phishing emails. The information may also be obtained from publicly available sources such as social media or the victim's web...") Tag: Visual edit
- 00:43, 21 January 2023 Ali3nw3rx talk contribs created page Network Security Appliances (Created page with "Adversaries may gather information about the victim's network security appliances that can be used during targeting. Information about network security appliances may include a variety of details, such as the existence and specifics of deployed firewalls, content filters, and proxies/bastion hosts. Adversaries may also target information about victim network-based intrusion detection systems (NIDS) or other appliances related to defensive cybersecurity operations. Adver...") Tag: Visual edit: Switched
- 00:42, 21 January 2023 Ali3nw3rx talk contribs created page IP Addresses (Created page with "Adversaries may gather the victim's IP addresses that can be used during targeting. Public IP addresses may be allocated to organizations by block, or a range of sequential addresses. Information about assigned IP addresses may include a variety of details, such as which IP addresses are in use. IP addresses may also enable an adversary to derive other details about a victim, such as organizational size, physical location(s), Internet service provider, and/or where/how t...") Tag: Visual edit
- 00:38, 21 January 2023 Ali3nw3rx talk contribs created page Network Topology (Created page with "Adversaries may gather information about the victim's network topology that can be used during targeting. Information about network topologies may include a variety of details, including the physical and/or logical arrangement of both external-facing and internal network environments. This information may also include specifics regarding network devices (gateways, routers, etc.) and other infrastructure. Adversaries may gather this information in various ways, such as d...") Tag: Visual edit
- 00:37, 21 January 2023 Ali3nw3rx talk contribs created page Network Trust Dependencies (Created page with "Adversaries may gather information about the victim's network trust dependencies that can be used during targeting. Information about network trusts may include a variety of details, including second or third-party organizations/domains (ex: managed service providers, contractors, etc.) that have connected (and potentially elevated) network access. Adversaries may gather this information in various ways, such as direct elicitation via Phishing for Information. Informati...") Tag: Visual edit
- 00:36, 21 January 2023 Ali3nw3rx talk contribs created page DNS (Created page with "Adversaries may gather information about the victim's DNS that can be used during targeting. DNS information may include a variety of details, including registered name servers as well as records that outline addressing for a target’s subdomains, mail servers, and other hosts. DNS, MX, TXT, and SPF records may also reveal the use of third party cloud and SaaS providers, such as Office 365, G Suite, Salesforce, or Zendesk.[1] Adversaries may gather this information in...") Tag: Visual edit
- 00:34, 21 January 2023 Ali3nw3rx talk contribs created page Domain Properties (Created page with "Adversaries may gather information about the victim's network domain(s) that can be used during targeting. Information about domains and their properties may include a variety of details, including what domain(s) the victim owns as well as administrative data (ex: name, registrar, etc.) and more directly actionable information such as contacts (email addresses and phone numbers), business addresses, and name servers. Adversaries may gather this information in various wa...") Tag: Visual edit
- 00:29, 21 January 2023 Ali3nw3rx talk contribs created page Category:Victim Network Information (Created page with "Adversaries may gather information about the victim's networks that can be used during targeting. Information about networks may include a variety of details, including administrative data (ex: IP ranges, domain names, etc.) as well as specifics regarding its topology and operations. Adversaries may gather this information in various ways, such as direct collection actions via Active Scanning or Phishing for Information. Information about networks may also be exposed to...") Tag: Visual edit
- 00:26, 21 January 2023 Ali3nw3rx talk contribs deleted page WIndows Credentials (content was: "This is a place holder category:credentials", and the only contributor was "Ali3nw3rx" (talk))
- 00:24, 21 January 2023 Ali3nw3rx talk contribs created page WIndows Credentials (Created page with "This is a place holder category:credentials") Tag: Visual edit
- 00:23, 21 January 2023 Ali3nw3rx talk contribs created page Employee Names (Created page with "Adversaries may gather employee names that can be used during targeting. Employee names may be used to derive email addresses as well as to help guide other reconnaissance efforts and/or craft more-believable lures. Adversaries may easily gather employee names, since they may be readily available and exposed via online or other accessible data sets (ex: Social Media or Search Victim-Owned Websites).[1] Gathering this information may reveal opportunities for other forms of r...") Tag: Visual edit
- 00:22, 21 January 2023 Ali3nw3rx talk contribs created page Email Addresses (Created page with "Adversaries may gather email addresses that can be used during targeting. Even if internal instances exist, organizations may have public-facing email infrastructure and addresses for employees. Adversaries may easily gather email addresses, since they may be readily available and exposed via online or other accessible data sets (ex: Social Media or Search Victim-Owned Websites).[1][2] Email addresses could also be enumerated via more active means (i.e. Active Scanning)...") Tag: Visual edit
- 00:20, 21 January 2023 Ali3nw3rx talk contribs created page Credentials (Created page with "Adversaries may gather credentials that can be used during targeting. Account credentials gathered by adversaries may be those directly associated with the target victim organization or attempt to take advantage of the tendency for users to use the same passwords across personal and business accounts. Adversaries may gather credentials from potential victims in various ways, such as direct elicitation via Phishing for Information. Adversaries may also compromise sites t...") Tag: Visual edit
- 00:19, 21 January 2023 Ali3nw3rx talk contribs created page Category:Victim Identity Information (Created page with "Adversaries may gather information about the victim's identity that can be used during targeting. Information about identities may include a variety of details, including personal data (ex: employee names, email addresses, etc.) as well as sensitive details such as credentials. Adversaries may gather this information in various ways, such as direct elicitation via Phishing for Information. Information about users could also be enumerated via other active means (i.e. Act...") Tag: Visual edit
- 00:16, 21 January 2023 Ali3nw3rx talk contribs created page Client Configurations (Created page with "Adversaries may gather information about the victim's client configurations that can be used during targeting. Information about client configurations may include a variety of details and settings, including operating system/version, virtualization, architecture (ex: 32 or 64 bit), language, and/or time zone. Adversaries may gather this information in various ways, such as direct collection actions via Active Scanning (ex: listening ports, server banners, user agent str...") Tag: Visual edit
- 00:15, 21 January 2023 Ali3nw3rx talk contribs created page Firmware (Created page with "Adversaries may gather information about the victim's host firmware that can be used during targeting. Information about host firmware may include a variety of details such as type and versions on specific hosts, which may be used to infer more information about hosts in the environment (ex: configuration, purpose, age/patch level, etc.). Adversaries may gather this information in various ways, such as direct elicitation via Phishing for Information. Information about h...") Tag: Visual edit
- 00:15, 21 January 2023 Ali3nw3rx talk contribs created page Software (Created page with "Adversaries may gather information about the victim's host software that can be used during targeting. Information about installed software may include a variety of details such as types and versions on specific hosts, as well as the presence of additional components that might be indicative of added defensive protections (ex: antivirus, SIEMs, etc.). Adversaries may gather this information in various ways, such as direct collection actions via Active Scanning (ex: list...") Tag: Visual edit
- 00:11, 21 January 2023 Ali3nw3rx talk contribs created page Hardware (Created page with "Adversaries may gather information about the victim's host hardware that can be used during targeting. Information about hardware infrastructure may include a variety of details such as types and versions on specific hosts, as well as the presence of additional components that might be indicative of added defensive protections (ex: card/biometric readers, dedicated encryption hardware, etc.). Adversaries may gather this information in various ways, such as direct collec...") Tag: Visual edit: Switched
- 00:09, 21 January 2023 Ali3nw3rx talk contribs created page Category:Victim Host Information (Created page with "Adversaries may gather information about the victim's hosts that can be used during targeting. Information about hosts may include a variety of details, including administrative data (ex: name, assigned IP, functionality, etc.) as well as specifics regarding its configuration (ex: operating system, language, etc.). Adversaries may gather this information in various ways, such as direct collection actions via Active Scanning or Phishing for Information. Adversaries may a...") Tag: Visual edit
- 00:07, 21 January 2023 Ali3nw3rx talk contribs created page Wordlist Scanning (Created page with "Adversaries may scan victims for vulnerabilities that can be used during targeting. Vulnerability scans typically check if the configuration of a target host/application (ex: software and version) potentially aligns with the target of a specific exploit the adversary may seek to use. These scans may also include more broad attempts to Gather Victim Host Information that can be used to identify more commonly known, exploitable vulnerabilities. Vulnerability scans typical...") Tag: Visual edit
- 00:05, 21 January 2023 Ali3nw3rx talk contribs created page Vulnerability Scanning (Created page with "Adversaries may scan victims for vulnerabilities that can be used during targeting. Vulnerability scans typically check if the configuration of a target host/application (ex: software and version) potentially aligns with the target of a specific exploit the adversary may seek to use. These scans may also include more broad attempts to Gather Victim Host Information that can be used to identify more commonly known, exploitable vulnerabilities. Vulnerability scans typical...") Tag: Visual edit
- 00:02, 21 January 2023 Ali3nw3rx talk contribs created page Scanning IP Blocks (Created page with "Category:Active Scanning Adversaries may scan victim IP blocks to gather information that can be used during targeting. Public IP addresses may be allocated to organizations by block, or a range of sequential addresses. Adversaries may scan IP blocks in order to Gather Victim Network Information, such as which IP addresses are actively in use as well as more detailed information about hosts assigned these addresses. Scans may range from simple pings (ICMP requests a...") Tag: Visual edit
- 23:58, 20 January 2023 Ali3nw3rx talk contribs created page Category:Active Scanning (Created page with "Category:Reconnaissance Adversaries may execute active reconnaissance scans to gather information that can be used during targeting. Active scans are those where the adversary probes victim infrastructure via network traffic, as opposed to other forms of reconnaissance that do not involve direct interaction. Adversaries may perform different forms of active scanning depending on what information they seek to gather. These scans can also be performed in various ways,...") Tag: Visual edit
- 23:56, 20 January 2023 Ali3nw3rx talk contribs created page Category:Reconnaissance (Created page with "The adversary is trying to gather information they can use to plan future operations. Reconnaissance consists of techniques that involve adversaries actively or passively gathering information that can be used to support targeting. Such information may include details of the victim organization, infrastructure, or staff/personnel. This information can be leveraged by the adversary to aid in other phases of the adversary lifecycle, such as using gathered information to p...") Tag: Visual edit
- 23:52, 20 January 2023 Ali3nw3rx talk contribs deleted page Category:Reconnaissance (content was: "", and the only contributor was "SourMilk" (talk))
- 23:51, 20 January 2023 Ali3nw3rx talk contribs deleted page Category:Reconnaissance:Active Scanning (content was: "", and the only contributor was "SourMilk" (talk))
- 23:51, 20 January 2023 Ali3nw3rx talk contribs deleted page Category:Reconnaissance: Active Scanning (content was: "", and the only contributor was "SourMilk" (talk))
- 23:51, 20 January 2023 Ali3nw3rx talk contribs created page Active Scanning:Reconnaissance (Created blank page)
- 23:49, 20 January 2023 Ali3nw3rx talk contribs created page Active Scanning (Created page with "This is a test Active Scanning") Tag: Visual edit
- 23:33, 20 January 2023 Ali3nw3rx talk contribs created page RCATs:Privacy policy (Created page with "We will never sell or use your personal data for evil! -RCATs")
- 23:25, 20 January 2023 Ali3nw3rx talk contribs created page RCATs:General disclaimer (Created page with "The information and materials provided on this website are for educational purposes only. We make no representations or warranties of any kind, express or implied, about the completeness, accuracy, reliability, suitability or availability with respect to the website or the information, products, services, or related graphics contained on the website for any purpose. Any reliance you place on such information is therefore strictly at your own risk. In no event will we be...")
- 23:25, 20 January 2023 Ali3nw3rx talk contribs created page RCATs:About (Created page with "The information and materials provided on this website are for educational purposes only. We make no representations or warranties of any kind, express or implied, about the completeness, accuracy, reliability, suitability or availability with respect to the website or the information, products, services, or related graphics contained on the website for any purpose. Any reliance you place on such information is therefore strictly at your own risk. In no event will we be...")