Combined display of all available logs of RCATs.
- 13:27, 22 January 2023 Ali3nw3rx talk contribs created page Virtual Private Server (Created page with "Adversaries may rent Virtual Private Servers (VPSs) that can be used during targeting. There exist a variety of cloud service providers that will sell virtual machines/containers as a service. By utilizing a VPS, adversaries can make it difficult to physically tie back operations to them. The use of cloud infrastructure can also make it easier for adversaries to rapidly provision, modify, and shut down their infrastructure. Acquiring a VPS for use in later stages of the...") Tag: Visual edit: Switched
- 13:27, 22 January 2023 Ali3nw3rx talk contribs created page DNS Server (Created page with "Adversaries may set up their own Domain Name System (DNS) servers that can be used during targeting. During post-compromise activity, adversaries may utilize DNS traffic for various tasks, including for Command and Control (ex: Application Layer Protocol). Instead of hijacking existing DNS servers, adversaries may opt to configure and run their own DNS servers in support of operations. By running their own DNS servers, adversaries can have more control over how they adm...") Tag: Visual edit
- 13:26, 22 January 2023 SourMilk talk contribs created page Hack the box (Created page with "REDIRECT ''Category:HackTheBox''") Tag: Visual edit
- 13:23, 22 January 2023 Ali3nw3rx talk contribs created page Domains (Created page with "Adversaries may acquire domains that can be used during targeting. Domain names are the human readable names used to represent one or more IP addresses. They can be purchased or, in some cases, acquired for free. Adversaries may use acquired domains for a variety of purposes, including for Phishing, Drive-by Compromise, and Command and Control.[1] Adversaries may choose domains that are similar to legitimate domains, including through use of homoglyphs or use of a diffe...")
- 13:22, 22 January 2023 Ali3nw3rx talk contribs created page Category:Acquire Infrastructure (Created page with "Adversaries may buy, lease, or rent infrastructure that can be used during targeting. A wide variety of infrastructure exists for hosting and orchestrating adversary operations. Infrastructure solutions include physical or cloud servers, domains, and third-party web services.[1] Additionally, botnets are available for rent or purchase. Use of these infrastructure solutions allows an adversary to stage, launch, and execute an operation. Solutions may help adversary opera...")
- 13:20, 22 January 2023 Ali3nw3rx talk contribs created page Category:Resource Development (Created page with "The adversary is trying to establish resources they can use to support operations. Resource Development consists of techniques that involve adversaries creating, purchasing, or compromising/stealing resources that can be used to support targeting. Such resources include infrastructure, accounts, or capabilities. These resources can be leveraged by the adversary to aid in other phases of the adversary lifecycle, such as using purchased domains to support Command and Cont...") Tag: Visual edit
- 13:12, 22 January 2023 Ali3nw3rx talk contribs deleted page Reconnaissance (content was: "Category:Reconnaissance test page __NEWSECTIONLINK__", and the only contributor was "Ali3nw3rx" (talk))
- 12:56, 22 January 2023 Ali3nw3rx talk contribs uploaded File:Gaming-logo-generator-with-a-masked-shooter-character-2734l-2927.png
- 12:56, 22 January 2023 Ali3nw3rx talk contribs created page File:Gaming-logo-generator-with-a-masked-shooter-character-2734l-2927.png
- 12:44, 22 January 2023 Ali3nw3rx talk contribs uploaded File:Logo-template-featuring-gaming-weapons-3019 (1).png
- 12:44, 22 January 2023 Ali3nw3rx talk contribs created page File:Logo-template-featuring-gaming-weapons-3019 (1).png
- 12:43, 22 January 2023 Ali3nw3rx talk contribs uploaded File:Gaming-logo-maker-featuring-robotic-animal-graphics-1028-el1 (2).png
- 12:43, 22 January 2023 Ali3nw3rx talk contribs created page File:Gaming-logo-maker-featuring-robotic-animal-graphics-1028-el1 (2).png
- 12:31, 22 January 2023 Ali3nw3rx talk contribs created page Reconnaissance (Created page with "Category:Reconnaissance test page __NEWSECTIONLINK__") Tag: Visual edit
- 10:36, 22 January 2023 SourMilk talk contribs created page Investigation (Created page with "[Category:Medium] ==Enumeration== ===Nmap=== <syntaxhighlight lang="bash"> Starting Nmap 7.93 ( https://nmap.org ) at 2023-01-22 08:16 MST Nmap scan report for 10.129.10.145 Host is up (0.12s latency). Not shown: 998 closed tcp ports (conn-refused) PORT STATE SERVICE VERSION 22/tcp open ssh OpenSSH 8.2p1 Ubuntu 4ubuntu0.5 (Ubuntu Linux; protocol 2.0) | ssh-hostkey: | 3072 2f1e6306aa6ebbcc0d19d4152674c6d9 (RSA) | 256 274520add2faa73a8373d97c79abf30b (ECDSA) |_...") Tag: Visual edit: Switched
- 02:34, 22 January 2023 Ali3nw3rx talk contribs created page CrackMapExec (Created page with "CrackMapExec Page Coming Soon....") Tag: Visual edit
- 18:26, 21 January 2023 Ali3nw3rx talk contribs created page Category:Search Victim-Owned Websites (Created page with "Adversaries may search websites owned by the victim for information that can be used during targeting. Victim-owned websites may contain a variety of details, including names of departments/divisions, physical locations, and data about key employees such as names, roles, and contact info (ex: Email Addresses). These sites may also have details highlighting business operations and relationships.[1] Adversaries may search victim-owned websites to gather actionable informa...")
- 18:25, 21 January 2023 Ali3nw3rx talk contribs deleted page Categroy: Search Victim-Owned Websites (content was: "Adversaries may search websites owned by the victim for information that can be used during targeting. Victim-owned websites may contain a variety of details, including names of departments/divisions, physical locations, and data about key employees such as names, roles, and contact info (ex: Email Addresses). These sites may also have details highlighting business opera...", and the only contributor was "Ali3nw3rx" (talk))
- 18:22, 21 January 2023 Ali3nw3rx talk contribs created page Categroy: Search Victim-Owned Websites (Created page with "Adversaries may search websites owned by the victim for information that can be used during targeting. Victim-owned websites may contain a variety of details, including names of departments/divisions, physical locations, and data about key employees such as names, roles, and contact info (ex: Email Addresses). These sites may also have details highlighting business operations and relationships.[1] Adversaries may search victim-owned websites to gather actionable informa...")
- 18:21, 21 January 2023 Ali3nw3rx talk contribs created page Code Repositories (Created page with "Adversaries may search public code repositories for information about victims that can be used during targeting. Victims may store code in repositories on various third-party websites such as GitHub, GitLab, SourceForge, and BitBucket. Users typically interact with code repositories through a web application or command-line utilities such as git. Adversaries may search various public code repositories for various information about a victim. Public code repositories can...")
- 18:20, 21 January 2023 Ali3nw3rx talk contribs created page Search Engines (Created page with "Adversaries may use search engines to collect information about victims that can be used during targeting. Search engine services typical crawl online sites to index context and may provide users with specialized syntax to search for specific keywords or specific types of content (i.e. filetypes).[1][2] Adversaries may craft various search engine queries depending on what information they seek to gather. Threat actors may use search engines to harvest general informatio...")
- 18:18, 21 January 2023 Ali3nw3rx talk contribs created page Social Media (Created page with "Adversaries may search social media for information about victims that can be used during targeting. Social media sites may contain various information about a victim organization, such as business announcements as well as information about the roles, locations, and interests of staff. Adversaries may search in different social media sites depending on what information they seek to gather. Threat actors may passively harvest data from these sites, as well as use informa...")
- 18:17, 21 January 2023 Ali3nw3rx talk contribs created page Category:Search Open Websites/Domains (Created page with "Adversaries may search freely available websites and/or domains for information about victims that can be used during targeting. Information about victims may be available in various online sites, such as social media, new sites, or those hosting information about business operations such as hiring or requested/rewarded contracts.[1][2][3] Adversaries may search in different online sites depending on what information they seek to gather. Information from these sources m...")
- 18:14, 21 January 2023 Ali3nw3rx talk contribs created page Scan Databases (Created page with "Adversaries may search within public scan databases for information about victims that can be used during targeting. Various online services continuously publish the results of Internet scans/surveys, often harvesting information such as active IP addresses, hostnames, open ports, certificates, and even server banners.[1] Adversaries may search scan databases to gather actionable information. Threat actors can use online resources and lookup tools to harvest information...")
- 18:13, 21 January 2023 Ali3nw3rx talk contribs created page CDNs (Created page with "Adversaries may search content delivery network (CDN) data about victims that can be used during targeting. CDNs allow an organization to host content from a distributed, load balanced array of servers. CDNs may also allow organizations to customize content delivery based on the requestor’s geographical region. Adversaries may search CDN data to gather actionable information. Threat actors can use online resources and lookup tools to harvest information about content...") Tag: Visual edit: Switched
- 18:13, 21 January 2023 Ali3nw3rx talk contribs created page Digital Certificates (Created page with "Adversaries may search public digital certificate data for information about victims that can be used during targeting. Digital certificates are issued by a certificate authority (CA) in order to cryptographically verify the origin of signed content. These certificates, such as those used for encrypted web traffic (HTTPS SSL/TLS communications), contain information about the registered organization such as name and location. Adversaries may search digital certificate da...") Tag: Visual edit
- 18:12, 21 January 2023 Ali3nw3rx talk contribs created page WHOIS (Created page with "Adversaries may search public WHOIS data for information about victims that can be used during targeting. WHOIS data is stored by regional Internet registries (RIR) responsible for allocating and assigning Internet resources such as domain names. Anyone can query WHOIS servers for information about a registered domain, such as assigned IP blocks, contact information, and DNS nameservers.[1] Adversaries may search WHOIS data to gather actionable information. Threat actor...") Tag: Visual edit: Switched
- 18:11, 21 January 2023 Ali3nw3rx talk contribs created page DNS/Passive DNS (Created page with "Adversaries may search DNS data for information about victims that can be used during targeting. DNS information may include a variety of details, including registered name servers as well as records that outline addressing for a target’s subdomains, mail servers, and other hosts. Adversaries may search DNS data to gather actionable information. Threat actors can query nameservers for a target organization directly, or search through centralized repositories of logged...") Tag: Visual edit
- 18:10, 21 January 2023 Ali3nw3rx talk contribs created page Category:Search Open Technical Databases (Created page with "Adversaries may search freely available technical databases for information about victims that can be used during targeting. Information about victims may be available in online databases and repositories, such as registrations of domains/certificates as well as public collections of network data/artifacts gathered from traffic and/or scans.[1][2][3][4][5][6][7] Adversaries may search in different open databases depending on what information they seek to gather. Informa...") Tag: Visual edit
- 18:09, 21 January 2023 Ali3nw3rx talk contribs created page Purchase Technical Data (Created page with "Adversaries may purchase technical information about victims that can be used during targeting. Information about victims may be available for purchase within reputable private sources and databases, such as paid subscriptions to feeds of scan databases or other data aggregation services. Adversaries may also purchase information from less-reputable sources such as dark web or cybercrime blackmarkets. Adversaries may purchase information about their already identified t...") Tag: Visual edit
- 18:08, 21 January 2023 Ali3nw3rx talk contribs created page Threat Intel Vendors (Created page with "Adversaries may search private data from threat intelligence vendors for information that can be used during targeting. Threat intelligence vendors may offer paid feeds or portals that offer more data than what is publicly reported. Although sensitive details (such as customer names and other identifiers) may be redacted, this information may contain trends regarding breaches such as target industries, attribution claims, and successful TTPs/countermeasures.[1] Adversar...") Tag: Visual edit
- 13:59, 21 January 2023 Fr0M4str talk contribs created page SMB (nothing) Tag: Visual edit
- 10:05, 21 January 2023 SourMilk talk contribs deleted page Active Scanning (content was: "This is a test Active Scanning:Reconnaissance", and the only contributor was "Ali3nw3rx" (talk))
- 01:16, 21 January 2023 Ali3nw3rx talk contribs uploaded File:Spearphish.png
- 01:16, 21 January 2023 Ali3nw3rx talk contribs created page File:Spearphish.png
- 01:11, 21 January 2023 Ali3nw3rx talk contribs created page Category:Search Closed Sources (Created page with "Adversaries may gather information about victims from private, closed sources that can be used to identify potential targets. This information may be available for purchase from reputable sources such as paid subscriptions to feeds of technical/threat intelligence data, or from less reputable sources such as dark web or cybercrime black markets. They may search different closed databases depending on the information they are trying to gather. This information may reveal...") Tag: Visual edit
- 01:03, 21 January 2023 Ali3nw3rx talk contribs created page Spearphishing Service (Created page with "Attackers may use spearphishing tactics to trick individuals into revealing sensitive information that can be used to identify potential targets. This type of spearphishing, known as "spearphishing for information" is different from traditional spearphishing where the goal is to execute malicious code. This type of spearphishing is targeted at a specific individual, company or industry, and messages are sent through various social media services, personal webmail, and ot...") Tag: Visual edit
- 01:02, 21 January 2023 Ali3nw3rx talk contribs created page Category:Phishing for Information (Created page with "Attackers may use phishing tactics to trick individuals into revealing sensitive information that can be used to identify potential targets. This type of phishing, known as "phishing for information," is different from traditional phishing where the goal is to execute malicious code. Phishing for information can take the form of targeted spearphishing, where specific individuals, companies or industries are targeted, or non-targeted phishing, such as in mass credential h...") Tag: Visual edit
- 01:00, 21 January 2023 Ali3nw3rx talk contribs created page Identify Roles (Created page with "Attackers may collect information about identities and roles within the victim organization that can be used to identify potential targets. This information may include details about key personnel and the data and resources they have access to. They may collect this information through various methods such as directly requesting it through phishing emails, or by finding it on publicly available sources such as social media or the victim's website. The information gathere...") Tag: Visual edit
- 00:59, 21 January 2023 Ali3nw3rx talk contribs created page Identify Business Tempo (Created page with "Attackers may collect information about the victim organization's business tempo that can be used to identify potential targets. This information may include details about the organization's operational hours and days of the week, as well as times and dates of purchases and shipments of hardware and software resources. They may collect this information through various methods such as directly requesting it through phishing emails, or by finding it on publicly available s...") Tag: Visual edit
- 00:57, 21 January 2023 Ali3nw3rx talk contribs created page Business Relationships (Created page with "Attackers may collect information about the victim organization's business relationships that can be used to identify potential targets. This information may include details about second and third-party organizations or domains that have access to the network, and supply chains or shipment paths for the victim's hardware and software resources. They may collect this information through various methods such as directly requesting it through phishing emails, or by finding...") Tag: Visual edit
- 00:56, 21 January 2023 Ali3nw3rx talk contribs created page Determine Physical Locations (Created page with "Attackers may collect information about the physical locations of the victim organization that can be used to identify potential targets. This information can include details about where key resources and infrastructure are located and what legal jurisdiction the organization operates within. They may collect this information through various methods such as directly requesting it through phishing emails, or by finding it on publicly available sources such as the victim's...") Tag: Visual edit
- 00:55, 21 January 2023 Ali3nw3rx talk contribs created page Category:Victim Org Information (Created page with "Attackers may collect information about the victim organization that can be used to identify potential targets. This information can include details about different divisions/departments, business operations, and key employees' roles and responsibilities. They may collect this information through various methods such as directly requesting it via phishing emails. The information may also be obtained from publicly available sources such as social media or the victim's web...") Tag: Visual edit
- 00:43, 21 January 2023 Ali3nw3rx talk contribs created page Network Security Appliances (Created page with "Adversaries may gather information about the victim's network security appliances that can be used during targeting. Information about network security appliances may include a variety of details, such as the existence and specifics of deployed firewalls, content filters, and proxies/bastion hosts. Adversaries may also target information about victim network-based intrusion detection systems (NIDS) or other appliances related to defensive cybersecurity operations. Adver...") Tag: Visual edit: Switched
- 00:42, 21 January 2023 Ali3nw3rx talk contribs created page IP Addresses (Created page with "Adversaries may gather the victim's IP addresses that can be used during targeting. Public IP addresses may be allocated to organizations by block, or a range of sequential addresses. Information about assigned IP addresses may include a variety of details, such as which IP addresses are in use. IP addresses may also enable an adversary to derive other details about a victim, such as organizational size, physical location(s), Internet service provider, and or where/how t...") Tag: Visual edit
- 00:38, 21 January 2023 Ali3nw3rx talk contribs created page Network Topology (Created page with "Adversaries may gather information about the victim's network topology that can be used during targeting. Information about network topologies may include a variety of details, including the physical and/or logical arrangement of both external-facing and internal network environments. This information may also include specifics regarding network devices (gateways, routers, etc.) and other infrastructure. Adversaries may gather this information in various ways, such as d...") Tag: Visual edit
- 00:37, 21 January 2023 Ali3nw3rx talk contribs created page Network Trust Dependencies (Created page with "Adversaries may gather information about the victim's network trust dependencies that can be used during targeting. Information about network trusts may include a variety of details, including second or third-party organizations/domains (ex: managed service providers, contractors, etc.) that have connected (and potentially elevated) network access. Adversaries may gather this information in various ways, such as direct elicitation via Phishing for Information. Informati...") Tag: Visual edit
- 00:36, 21 January 2023 Ali3nw3rx talk contribs created page DNS (Created page with "Adversaries may gather information about the victim's DNS that can be used during targeting. DNS information may include a variety of details, including registered name servers as well as records that outline addressing for a target’s subdomains, mail servers, and other hosts. DNS, MX, TXT, and SPF records may also reveal the use of third party cloud and SaaS providers, such as Office 365, G Suite, Salesforce, or Zendesk.[1] Adversaries may gather this information in...") Tag: Visual edit
- 00:34, 21 January 2023 Ali3nw3rx talk contribs created page Domain Properties (Created page with "Adversaries may gather information about the victim's network domain(s) that can be used during targeting. Information about domains and their properties may include a variety of details, including what domain(s) the victim owns as well as administrative data (ex: name, registrar, etc.) and more directly actionable information such as contacts (email addresses and phone numbers), business addresses, and name servers. Adversaries may gather this information in various wa...") Tag: Visual edit
- 00:33, 21 January 2023 SourMilk talk contribs deleted page Active Scanning:Reconnaissance (content was: "", and the only contributor was "Ali3nw3rx" (talk))