All public logs

Combined display of all available logs of RCATs. You can narrow down the view by selecting a log type, the username (case-sensitive), or the affected page (also case-sensitive).

Logs
(newest | oldest) View ( | ) (20 | 50 | 100 | 250 | 500)
  • 15:34, 26 January 2023 SourMilk talk contribs created page Category:Exfiltration Over Alternative Protocol (Created page with "Category:Exfiltration Adversaries may steal data by exfiltrating it over a different protocol than that of the existing command and control channel. The data may also be sent to an alternate network location from the main command and control server.")
  • 15:34, 26 January 2023 SourMilk talk contribs created page Data Transfer Size Limits (Created page with "Category:Exfiltration An adversary may exfiltrate data in fixed size chunks instead of whole files or limit packet sizes below certain thresholds. This approach may be used to avoid triggering network data transfer threshold alerts.")
  • 15:34, 26 January 2023 SourMilk talk contribs created page Traffic Duplication (Created page with "Category:Automated Exfiltration Adversaries may leverage traffic mirroring in order to automate data exfiltration over compromised network infrastructure. Traffic mirroring is a native feature for some network devices and used for network analysis and may be configured to duplicate traffic and forward to one or more destinations for analysis by a network analyzer or other monitoring device.")
  • 15:33, 26 January 2023 SourMilk talk contribs created page Category:Automated Exfiltration (Created page with "Category:Exfiltration Adversaries may exfiltrate data, such as sensitive documents, through the use of automated processing after being gathered during Collection.")
  • 15:32, 26 January 2023 SourMilk talk contribs created page Category:Exfiltration (Created page with "Exfiltration consists of techniques that adversaries may use to steal data from your network. Once they’ve collected data, adversaries often package it to avoid detection while removing it. This can include compression and encryption. Techniques for getting data out of a target network typically include transferring it over their command and control channel or an alternate channel and may also include putting size limits on the transmission.")
  • 15:31, 26 January 2023 SourMilk talk contribs created page System Shutdown/Reboot (Created page with "Category:Impact Adversaries may shutdown/reboot systems to interrupt access to, or aid in the destruction of, those systems. Operating systems may contain commands to initiate a shutdown/reboot of a machine or network device. In some cases, these commands may also be used to initiate a shutdown/reboot of a remote computer or network device via Network Device CLI (e.g. reload). Shutting down or rebooting systems may disrupt access to computer resources for legitimate...")
  • 15:31, 26 January 2023 SourMilk talk contribs created page Service Stop (Created page with "Category:Impact Adversaries may stop or disable services on a system to render those services unavailable to legitimate users. Stopping critical services or processes can inhibit or stop response to an incident or aid in the adversary's overall objectives to cause damage to the environment.")
  • 15:30, 26 January 2023 SourMilk talk contribs created page Resource Hijacking (Created page with "Category:Impact Adversaries may leverage the resources of co-opted systems in order to solve resource intensive problems, which may impact system and/or hosted service availability.")
  • 15:30, 26 January 2023 SourMilk talk contribs created page Reflection Amplification (Created page with "Category:Network Denial of Service Adversaries may attempt to cause a denial of service (DoS) by reflecting a high-volume of network traffic to a target. This type of Network DoS takes advantage of a third-party server intermediary that hosts and will respond to a given spoofed source IP address. This third-party server is commonly termed a reflector. An adversary accomplishes a reflection attack by sending packets to reflectors with the spoofed address of the victim...")
  • 15:30, 26 January 2023 SourMilk talk contribs created page Direct Network Flood (Created page with "Category:Network Denial of Service Adversaries may attempt to cause a denial of service (DoS) by directly sending a high-volume of network traffic to a target. This DoS attack may also reduce the availability and functionality of the targeted system(s) and network. Direct Network Floods are when one or more systems are used to send a high-volume of network packets towards the targeted service's network. Almost any network protocol may be used for flooding. Stateless...")
  • 15:29, 26 January 2023 SourMilk talk contribs created page Category:Network Denial of Service (Created page with "Category:Impact Adversaries may perform Network Denial of Service (DoS) attacks to degrade or block the availability of targeted resources to users. Network DoS can be performed by exhausting the network bandwidth services rely on. Example resources include specific websites, email services, DNS, and web-based applications. Adversaries have been observed conducting network DoS attacks for political purposes and to support other malicious activities, including distrac...")
  • 15:29, 26 January 2023 SourMilk talk contribs created page Inhibit System Recovery (Created page with "Category:Impact Adversaries may delete or remove built-in operating system data and turn off services designed to aid in the recovery of a corrupted system to prevent recovery. This may deny access to available backups and recovery options.")
  • 15:28, 26 January 2023 SourMilk talk contribs created page Firmware Corruption (Created page with "Category:Impact Adversaries may overwrite or corrupt the flash memory contents of system BIOS or other firmware in devices attached to a system in order to render them inoperable or unable to boot, thus denying the availability to use the devices and/or the system. Firmware is software that is loaded and executed from non-volatile memory on hardware devices in order to initialize and manage device functionality. These devices may include the motherboard, hard drive,...")
  • 15:28, 26 January 2023 SourMilk talk contribs created page Application or System Exploitation (Created page with "Category:Endpoint Denial of Service Adversaries may exploit software vulnerabilities that can cause an application or system to crash and deny availability to users. Some systems may automatically restart critical applications and services when crashes occur, but they can likely be re-exploited to cause a persistent denial of service (DoS) condition.")
  • 15:27, 26 January 2023 SourMilk talk contribs created page Application Exhaustion Flood (Created page with "Category:Endpoint Denial of Service Adversaries may target resource intensive features of applications to cause a denial of service (DoS), denying availability to those applications. For example, specific features in web applications may be highly resource intensive. Repeated requests to those features may be able to exhaust system resources and deny access to the application or the server itself.")
  • 15:27, 26 January 2023 SourMilk talk contribs created page Service Exhaustion Flood (Created page with "Category:Endpoint Denial of Service Adversaries may target the different network services provided by systems to conduct a denial of service (DoS). Adversaries often target the availability of DNS and web services, however others have been targeted as well. Web server software can be attacked through a variety of means, some of which apply generally while others are specific to the software being used to provide the service.")
  • 15:26, 26 January 2023 SourMilk talk contribs created page OS Exhaustion Flood (Created page with "Category:Endpoint Denial of Service Adversaries may launch a denial of service (DoS) attack targeting an endpoint's operating system (OS). A system's OS is responsible for managing the finite resources as well as preventing the entire system from being overwhelmed by excessive demands on its capacity. These attacks do not need to exhaust the actual resources on a system; the attacks may simply exhaust the limits and available resources that an OS self-imposes.")
  • 15:26, 26 January 2023 SourMilk talk contribs created page Category:Endpoint Denial of Service (Created page with "Category:Impact Adversaries may perform Endpoint Denial of Service (DoS) attacks to degrade or block the availability of services to users. Endpoint DoS can be performed by exhausting the system resources those services are hosted on or exploiting the system to cause a persistent crash condition. Example services include websites, email services, DNS, and web-based applications. Adversaries have been observed conducting DoS attacks for political purposes and to suppo...")
  • 15:25, 26 January 2023 SourMilk talk contribs created page Disk Structure Wipe (Created page with "Category:Disk Wipe Adversaries may corrupt or wipe the disk data structures on a hard drive necessary to boot a system; targeting specific critical systems or in large numbers in a network to interrupt availability to system and network resources.")
  • 15:24, 26 January 2023 SourMilk talk contribs created page Disk Content Wipe (Created page with "Category:Disk Wipe Adversaries may erase the contents of storage devices on specific systems or in large numbers in a network to interrupt availability to system and network resources.")
  • 15:24, 26 January 2023 SourMilk talk contribs created page Category:Disk Wipe (Created page with "Category:Impact Adversaries may wipe or corrupt raw disk data on specific systems or in large numbers in a network to interrupt availability to system and network resources. With direct write access to a disk, adversaries may attempt to overwrite portions of disk data. Adversaries may opt to wipe arbitrary portions of disk data and/or wipe disk structures like the master boot record (MBR). A complete wipe of all disk sectors may be attempted.")
  • 15:23, 26 January 2023 Ali3nw3rx talk contribs created page Category:Command and Scripting Interpreter (Created page with "Adversaries may abuse command and script interpreters to execute commands, scripts, or binaries. These interfaces and languages provide ways of interacting with computer systems and are a common feature across many different platforms. Most systems come with some built-in command-line interface and scripting capabilities, for example, macOS and Linux distributions include some flavor of Unix Shell while Windows installations include the Windows Command Shell and PowerShe...") Tag: Visual edit
  • 15:23, 26 January 2023 SourMilk talk contribs created page External Defacement (Created page with "Category:Defacement An adversary may deface systems external to an organization in an attempt to deliver messaging, intimidate, or otherwise mislead an organization or users. External Defacement may ultimately cause users to distrust the systems and to question/discredit the system’s integrity. Externally-facing websites are a common victim of defacement; often targeted by adversary and hacktivist groups in order to push a political message or spread propaganda. Ex...")
  • 15:23, 26 January 2023 SourMilk talk contribs created page Internal Defacement (Created page with "Category:Defacement An adversary may deface systems internal to an organization in an attempt to intimidate or mislead users, thus discrediting the integrity of the systems. This may take the form of modifications to internal websites, or directly to user systems with the replacement of the desktop wallpaper. Disturbing or offensive images may be used as a part of Internal Defacement in order to cause user discomfort, or to pressure compliance with accompanying messa...")
  • 15:22, 26 January 2023 SourMilk talk contribs created page Category:Defacement (Created page with "Category:Impact Adversaries may modify visual content available internally or externally to an enterprise network, thus affecting the integrity of the original content. Reasons for Defacement include delivering messaging, intimidation, or claiming (possibly false) credit for an intrusion. Disturbing or offensive images may be used as a part of Defacement in order to cause user discomfort, or to pressure compliance with accompanying messages.") Tag: Visual edit: Switched
  • 15:21, 26 January 2023 SourMilk talk contribs deleted page Defacement (content was: "Category:Impact Adversaries may modify visual content available internally or externally to an enterprise network, thus affecting the integrity of the original content. Reasons for Defacement include delivering messaging, intimidation, or claiming (possibly false) credit for an intrusion. Disturbing or offensive images may be used as a part of Defacement in order to cau...", and the only contributor was "SourMilk" (talk))
  • 15:21, 26 January 2023 SourMilk talk contribs created page Defacement (Created page with "Category:Impact Adversaries may modify visual content available internally or externally to an enterprise network, thus affecting the integrity of the original content. Reasons for Defacement include delivering messaging, intimidation, or claiming (possibly false) credit for an intrusion. Disturbing or offensive images may be used as a part of Defacement in order to cause user discomfort, or to pressure compliance with accompanying messages.")
  • 15:21, 26 January 2023 SourMilk talk contribs created page Runtime Data Manipulation (Created page with "Category:Data Manipulation Adversaries may modify systems in order to manipulate the data as it is accessed and displayed to an end user, thus threatening the integrity of the data. By manipulating runtime data, adversaries may attempt to affect a business process, organizational understanding, and decision making.")
  • 15:20, 26 January 2023 SourMilk talk contribs created page Transmitted Data Manipulation (Created page with "Category:Data Manipulation Adversaries may alter data en route to storage or other systems in order to manipulate external outcomes or hide activity, thus threatening the integrity of the data. By manipulating transmitted data, adversaries may attempt to affect a business process, organizational understanding, and decision making.")
  • 15:20, 26 January 2023 SourMilk talk contribs deleted page Data Manipulation (content was: "Category:Impact Adversaries may insert, delete, or manipulate data in order to influence external outcomes or hide activity, thus threatening the integrity of the data. By manipulating data, adversaries may attempt to affect a business process, organizational understanding, or decision making.", and the only contributor was "SourMilk" (talk))
  • 15:19, 26 January 2023 SourMilk talk contribs created page Category:Data Manipulation (Created page with "Category:Impact Adversaries may insert, delete, or manipulate data in order to influence external outcomes or hide activity, thus threatening the integrity of the data. By manipulating data, adversaries may attempt to affect a business process, organizational understanding, or decision making.")
  • 15:19, 26 January 2023 SourMilk talk contribs created page Stored Data Manipulation (Created page with "Category:Data Manipulation")
  • 15:18, 26 January 2023 SourMilk talk contribs created page Data Manipulation (Created page with "Category:Impact Adversaries may insert, delete, or manipulate data in order to influence external outcomes or hide activity, thus threatening the integrity of the data. By manipulating data, adversaries may attempt to affect a business process, organizational understanding, or decision making.")
  • 15:17, 26 January 2023 SourMilk talk contribs created page Data Encrypted (Created page with "Category:Impact Adversaries may encrypt data on target systems or on large numbers of systems in a network to interrupt availability to system and network resources. They can attempt to render stored data inaccessible by encrypting files or data on local and remote drives and withholding access to a decryption key. This may be done in order to extract monetary compensation from a victim in exchange for decryption or a decryption key (ransomware) or to render data per...")
  • 15:17, 26 January 2023 SourMilk talk contribs created page Data Destruction (Created page with "Category:Impact Adversaries may destroy data and files on specific systems or in large numbers on a network to interrupt availability to systems, services, and network resources. Data destruction is likely to render stored data irrecoverable by forensic techniques through overwriting files or data on local and remote drives. Common operating system file deletion commands such as del and rm often only remove pointers to files without wiping the contents of the files t...")
  • 15:16, 26 January 2023 Ali3nw3rx talk contribs created page Category:Execution (Created page with "The adversary is trying to run malicious code. Execution consists of techniques that result in adversary-controlled code running on a local or remote system. Techniques that run malicious code are often paired with techniques from all other tactics to achieve broader goals, like exploring a network or stealing data. For example, an adversary might use a remote access tool to run a PowerShell script that does Remote System Discovery.")
  • 15:16, 26 January 2023 SourMilk talk contribs created page Account Access Removal (Created page with "Category:Impact Adversaries may interrupt availability of system and network resources by inhibiting access to accounts utilized by legitimate users. Accounts may be deleted, locked, or manipulated (ex: changed credentials) to remove access to accounts. Adversaries may also subsequently log off and/or perform a System Shutdown/Reboot to set malicious changes into place.")
  • 15:14, 26 January 2023 SourMilk talk contribs created page Category:Impact (Created page with "The adversary is trying to manipulate, interrupt, or destroy your systems and data. Impact consists of techniques that adversaries use to disrupt availability or compromise integrity by manipulating business and operational processes. Techniques used for impact can include destroying or tampering with data. In some cases, business processes can look fine, but may have been altered to benefit the adversaries’ goals. These techniques might be used by adversaries to foll...")
  • 13:38, 25 January 2023 SourMilk talk contribs created page Mimikatz (Created page with "Category:Tools") Tag: Visual edit
  • 14:47, 22 January 2023 Ali3nw3rx talk contribs created page Template:Writeup (Created page with "==Box Info== <syntaxhighlight> * Box Name * Box IP * Date </syntaxhighlight> ==Enumeration== ===Credentials=== <syntaxhighlight> * Usernames * Passwords * Hashes * Notes </syntaxhighlight> ===NMAP=== ===LINWINPWN=== ===DIR SEARCH=== ==Exploits== ==Foot Hold== ==Privilege Escalation== ==Pivot/Lateral Movement==")
  • 14:37, 22 January 2023 Ali3nw3rx talk contribs created page Writeup (Created page with "{{Writeup}}") Tag: Visual edit: Switched
  • 13:49, 22 January 2023 Ali3nw3rx talk contribs created page Compromise Infrastructure (Created page with "Adversaries may compromise third-party infrastructure that can be used during targeting. Infrastructure solutions include physical or cloud servers, domains, and third-party web and DNS services. Instead of buying, leasing, or renting infrastructure an adversary may compromise infrastructure and use it during other phases of the adversary lifecycle.[1][2][3][4] Additionally, adversaries may compromise numerous machines to form a botnet they can leverage. Use of compromi...")
  • 13:42, 22 January 2023 Ali3nw3rx talk contribs created page Email Accounts (Created page with "Adversaries may compromise email accounts that can be used during targeting. Adversaries can use compromised email accounts to further their operations, such as leveraging them to conduct Phishing for Information or Phishing. Utilizing an existing persona with a compromised email account may engender a level of trust in a potential victim if they have a relationship, or knowledge of, the compromised persona. Compromised email accounts can also be used in the acquisition...")
  • 13:41, 22 January 2023 Ali3nw3rx talk contribs created page Social Media Accounts (Created page with "Adversaries may compromise social media accounts that can be used during targeting. For operations incorporating social engineering, the utilization of an online persona may be important. Rather than creating and cultivating social media profiles (i.e. Social Media Accounts), adversaries may compromise existing social media accounts. Utilizing an existing persona may engender a level of trust in a potential victim if they have a relationship, or knowledge of, the comprom...")
  • 13:39, 22 January 2023 Ali3nw3rx talk contribs created page Category:Compromise Accounts (Created page with "Adversaries may compromise accounts with services that can be used during targeting. For operations incorporating social engineering, the utilization of an online persona may be important. Rather than creating and cultivating accounts (i.e. Establish Accounts), adversaries may compromise existing accounts. Utilizing an existing persona may engender a level of trust in a potential victim if they have a relationship, or knowledge of, the compromised persona. A variety of...") Tag: Visual edit: Switched
  • 13:36, 22 January 2023 Ali3nw3rx talk contribs created page Serverless (Created page with "Adversaries may purchase and configure serverless cloud infrastructure, such as Cloudflare Workers or AWS Lambda functions, that can be used during targeting. By utilizing serverless infrastructure, adversaries can make it more difficult to attribute infrastructure used during operations back to them. Once acquired, the serverless runtime environment can be leveraged to either respond directly to infected machines or to Proxy traffic to an adversary-owned command and co...") Tag: Visual edit
  • 13:35, 22 January 2023 Ali3nw3rx talk contribs created page Web Services (Created page with "Adversaries may register for web services that can be used during targeting. A variety of popular websites exist for adversaries to register for a web-based service that can be abused during later stages of the adversary lifecycle, such as during Command and Control (Web Service) or Exfiltration Over Web Service. Using common services, such as those offered by Google or Twitter, makes it easier for adversaries to hide in expected noise. By utilizing a web service, advers...") Tag: Visual edit
  • 13:34, 22 January 2023 Ali3nw3rx talk contribs created page Botnet (Created page with "Adversaries may buy, lease, or rent a network of compromised systems that can be used during targeting. A botnet is a network of compromised systems that can be instructed to perform coordinated tasks.[1] Adversaries may purchase a subscription to use an existing botnet from a booter/stresser service. With a botnet at their disposal, adversaries may perform follow-on activity such as large-scale Phishing or Distributed Denial of Service (DDoS).[2][3][4][5] category:Ac...")
  • 13:34, 22 January 2023 Ali3nw3rx talk contribs created page Server (Created page with "Adversaries may buy, lease, or rent physical servers that can be used during targeting. Use of servers allows an adversary to stage, launch, and execute an operation. During post-compromise activity, adversaries may utilize servers for various tasks, including for Command and Control. Instead of compromising a third-party Server or renting a Virtual Private Server, adversaries may opt to configure and run their own servers in support of operations. Adversaries may only...")
  • 13:29, 22 January 2023 Ali3nw3rx talk contribs created page Recon (Redirected page to Category:Reconnaissance) Tag: New redirect
(newest | oldest) View ( | ) (20 | 50 | 100 | 250 | 500)
Retrieved from "https://rcats.dev/rcats/index.php/Special:Log"