All public logs

Combined display of all available logs of RCATs. You can narrow down the view by selecting a log type, the username (case-sensitive), or the affected page (also case-sensitive).

Logs
(newest | oldest) View ( | ) (20 | 50 | 100 | 250 | 500)
  • 16:02, 26 January 2023 Ali3nw3rx talk contribs created page Category:Scheduled Task/Job (Created page with "Adversaries may abuse task scheduling functionality to facilitate initial or recurring execution of malicious code. Utilities exist within all major operating systems to schedule programs or scripts to be executed at a specified date and time. A task can also be scheduled on a remote system, provided the proper authentication is met (ex: RPC and file and printer sharing in Windows environments). Scheduling a task on a remote system typically may require being a member of...")
  • 16:01, 26 January 2023 Ali3nw3rx talk contribs created page Native API (Created page with "Adversaries may interact with the native OS application programming interface (API) to execute behaviors. Native APIs provide a controlled means of calling low-level OS services within the kernel, such as those involving hardware/devices, memory, and processes.[1][2] These native APIs are leveraged by the OS during system boot (when other system components are not yet initialized) as well as carrying out tasks and requests during routine operations. Native API functions...")
  • 15:57, 26 January 2023 Ali3nw3rx talk contribs created page XPC Services (Created page with "Adversaries can provide malicious content to an XPC service daemon for local code execution. macOS uses XPC services for basic inter-process communication between various processes, such as between the XPC Service daemon and third-party application privileged helper tools. Applications can send messages to the XPC Service daemon, which runs as root, using the low-level XPC Service C API or the high level NSXPCConnection API in order to handle tasks that require elevated...")
  • 15:56, 26 January 2023 Ali3nw3rx talk contribs created page Dynamic Data Exchange (Created page with "Adversaries may use Windows Dynamic Data Exchange (DDE) to execute arbitrary commands. DDE is a client-server protocol for one-time and/or continuous inter-process communication (IPC) between applications. Once a link is established, applications can autonomously exchange transactions consisting of strings, warm data links (notifications when a data item changes), hot data links (duplications of changes to a data item), and requests for command execution. Object Linking...")
  • 15:55, 26 January 2023 Ali3nw3rx talk contribs created page Component Object Model (Created page with "Adversaries may use the Windows Component Object Model (COM) for local code execution. COM is an inter-process communication (IPC) component of the native Windows application programming interface (API) that enables interaction between software objects, or executable code that implements one or more interfaces.[1] Through COM, a client object can call methods of server objects, which are typically binary Dynamic Link Libraries (DLL) or executables (EXE).[2] Remote COM ex...")
  • 15:54, 26 January 2023 Ali3nw3rx talk contribs created page Category:Inter-Process Communication (Created page with "Adversaries may abuse inter-process communication (IPC) mechanisms for local code or command execution. IPC is typically used by processes to share data, communicate with each other, or synchronize execution. IPC is also commonly used to avoid situations such as deadlocks, which occurs when processes are stuck in a cyclic waiting pattern. Adversaries may abuse IPC to execute arbitrary code or commands. IPC mechanisms may differ depending on OS, but typically exists in a...")
  • 15:53, 26 January 2023 Ali3nw3rx talk contribs created page Exploitation for Client Execution (Created page with "Adversaries may exploit software vulnerabilities in client applications to execute code. Vulnerabilities can exist in software due to unsecure coding practices that can lead to unanticipated behavior. Adversaries can take advantage of certain vulnerabilities through targeted exploitation for the purpose of arbitrary code execution. Oftentimes the most valuable exploits to an offensive toolkit are those that can be used to obtain code execution on a remote system because...")
  • 15:52, 26 January 2023 Ali3nw3rx talk contribs created page Deploy Container (Created page with "Adversaries may deploy a container into an environment to facilitate execution or evade defenses. In some cases, adversaries may deploy a new container to execute processes associated with a particular image or deployment, such as processes that execute or download malware. In others, an adversary may deploy a new container configured without network rules, user limitations, etc. to bypass existing defenses within the environment. Containers can be deployed by various m...")
  • 15:51, 26 January 2023 Ali3nw3rx talk contribs created page Container Administration Command (Created page with "Adversaries may abuse a container administration service to execute commands within a container. A container administration service such as the Docker daemon, the Kubernetes API server, or the kubelet may allow remote management of containers within an environment.[1][2][3] In Docker, adversaries may specify an entrypoint during container deployment that executes a script or command, or they may use a command such as docker exec to execute a command within a running con...")
  • 15:50, 26 January 2023 Ali3nw3rx talk contribs created page Network Device CLI (Created page with "Adversaries may abuse scripting or built-in command line interpreters (CLI) on network devices to execute malicious command and payloads. The CLI is the primary means through which users and administrators interact with the device in order to view system information, modify device operations, or perform diagnostic and administrative functions. CLIs typically contain various permission levels required for different commands. Scripting interpreters automate tasks and exte...")
  • 15:49, 26 January 2023 Ali3nw3rx talk contribs created page JavaScript (Created page with "Adversaries may abuse various implementations of JavaScript for execution. JavaScript (JS) is a platform-independent scripting language (compiled just-in-time at runtime) commonly associated with scripts in webpages, though JS can be executed in runtime environments outside the browser.[1] JScript is the Microsoft implementation of the same scripting standard. JScript is interpreted via the Windows Script engine and thus integrated with many components of Windows such a...")
  • 15:49, 26 January 2023 Ali3nw3rx talk contribs created page Python (Created page with "Adversaries may abuse Python commands and scripts for execution. Python is a very popular scripting/programming language, with capabilities to perform many functions. Python can be executed interactively from the command-line (via the python.exe interpreter) or via scripts (.py) that can be written and distributed to different systems. Python code can also be compiled into binary executables. Python comes with many built-in packages to interact with the underlying syste...")
  • 15:48, 26 January 2023 Ali3nw3rx talk contribs created page Visual Basic (Created page with "Adversaries may abuse Visual Basic (VB) for execution. VB is a programming language created by Microsoft with interoperability with many Windows technologies such as Component Object Model and the Native API through the Windows API. Although tagged as legacy with no planned future evolutions, VB is integrated and supported in the .NET Framework and cross-platform .NET Core.[1][2] Derivative languages based on VB have also been created, such as Visual Basic for Applicati...")
  • 15:47, 26 January 2023 Ali3nw3rx talk contribs created page Unix Shell (Created page with "Adversaries may abuse Unix shell commands and scripts for execution. Unix shells are the primary command prompt on Linux and macOS systems, though many variations of the Unix shell exist (e.g. sh, bash, zsh, etc.) depending on the specific OS or distribution.[1][2] Unix shells can control every aspect of a system, with certain commands requiring elevated privileges. Unix shells also support scripts that enable sequential execution of commands as well as other typical pr...")
  • 15:46, 26 January 2023 Ali3nw3rx talk contribs created page Windows Command Shell (Created page with "Adversaries may abuse the Windows command shell for execution. The Windows command shell (cmd) is the primary command prompt on Windows systems. The Windows command prompt can be used to control almost any aspect of a system, with various permission levels required for different subsets of commands. The command prompt can be invoked remotely via Remote Services such as SSH.[1] Batch files (ex: .bat or .cmd) also provide the shell with a list of sequential commands to ru...") Tag: Visual edit: Switched
  • 15:46, 26 January 2023 Ali3nw3rx talk contribs created page AppleScript (Created page with "Adversaries may abuse AppleScript for execution. AppleScript is a macOS scripting language designed to control applications and parts of the OS via inter-application messages called AppleEvents.[1] These AppleEvent messages can be sent independently or easily scripted with AppleScript. These events can locate open windows, send keystrokes, and interact with almost any open application locally or remotely. Scripts can be run from the command-line via osascript /path/to/s...") Tag: Visual edit
  • 15:45, 26 January 2023 Ali3nw3rx talk contribs created page PowerShell (Created page with "Adversaries may abuse PowerShell commands and scripts for execution. PowerShell is a powerful interactive command-line interface and scripting environment included in the Windows operating system.[1] Adversaries can use PowerShell to perform a number of actions, including discovery of information and execution of code. Examples include the <code>Start-Process</code> cmdlet which can be used to run an executable and the <code>Invoke-Command</code> cmdlet which runs a comm...") Tag: Visual edit: Switched
  • 15:23, 26 January 2023 Ali3nw3rx talk contribs created page Category:Command and Scripting Interpreter (Created page with "Adversaries may abuse command and script interpreters to execute commands, scripts, or binaries. These interfaces and languages provide ways of interacting with computer systems and are a common feature across many different platforms. Most systems come with some built-in command-line interface and scripting capabilities, for example, macOS and Linux distributions include some flavor of Unix Shell while Windows installations include the Windows Command Shell and PowerShe...") Tag: Visual edit
  • 15:16, 26 January 2023 Ali3nw3rx talk contribs created page Category:Execution (Created page with "The adversary is trying to run malicious code. Execution consists of techniques that result in adversary-controlled code running on a local or remote system. Techniques that run malicious code are often paired with techniques from all other tactics to achieve broader goals, like exploring a network or stealing data. For example, an adversary might use a remote access tool to run a PowerShell script that does Remote System Discovery.")
  • 14:47, 22 January 2023 Ali3nw3rx talk contribs created page Template:Writeup (Created page with "==Box Info== <syntaxhighlight> * Box Name * Box IP * Date </syntaxhighlight> ==Enumeration== ===Credentials=== <syntaxhighlight> * Usernames * Passwords * Hashes * Notes </syntaxhighlight> ===NMAP=== ===LINWINPWN=== ===DIR SEARCH=== ==Exploits== ==Foot Hold== ==Privilege Escalation== ==Pivot/Lateral Movement==")
  • 14:37, 22 January 2023 Ali3nw3rx talk contribs created page Writeup (Created page with "{{Writeup}}") Tag: Visual edit: Switched
  • 13:49, 22 January 2023 Ali3nw3rx talk contribs created page Compromise Infrastructure (Created page with "Adversaries may compromise third-party infrastructure that can be used during targeting. Infrastructure solutions include physical or cloud servers, domains, and third-party web and DNS services. Instead of buying, leasing, or renting infrastructure an adversary may compromise infrastructure and use it during other phases of the adversary lifecycle.[1][2][3][4] Additionally, adversaries may compromise numerous machines to form a botnet they can leverage. Use of compromi...")
  • 13:42, 22 January 2023 Ali3nw3rx talk contribs created page Email Accounts (Created page with "Adversaries may compromise email accounts that can be used during targeting. Adversaries can use compromised email accounts to further their operations, such as leveraging them to conduct Phishing for Information or Phishing. Utilizing an existing persona with a compromised email account may engender a level of trust in a potential victim if they have a relationship, or knowledge of, the compromised persona. Compromised email accounts can also be used in the acquisition...")
  • 13:41, 22 January 2023 Ali3nw3rx talk contribs created page Social Media Accounts (Created page with "Adversaries may compromise social media accounts that can be used during targeting. For operations incorporating social engineering, the utilization of an online persona may be important. Rather than creating and cultivating social media profiles (i.e. Social Media Accounts), adversaries may compromise existing social media accounts. Utilizing an existing persona may engender a level of trust in a potential victim if they have a relationship, or knowledge of, the comprom...")
  • 13:39, 22 January 2023 Ali3nw3rx talk contribs created page Category:Compromise Accounts (Created page with "Adversaries may compromise accounts with services that can be used during targeting. For operations incorporating social engineering, the utilization of an online persona may be important. Rather than creating and cultivating accounts (i.e. Establish Accounts), adversaries may compromise existing accounts. Utilizing an existing persona may engender a level of trust in a potential victim if they have a relationship, or knowledge of, the compromised persona. A variety of...") Tag: Visual edit: Switched
  • 13:36, 22 January 2023 Ali3nw3rx talk contribs created page Serverless (Created page with "Adversaries may purchase and configure serverless cloud infrastructure, such as Cloudflare Workers or AWS Lambda functions, that can be used during targeting. By utilizing serverless infrastructure, adversaries can make it more difficult to attribute infrastructure used during operations back to them. Once acquired, the serverless runtime environment can be leveraged to either respond directly to infected machines or to Proxy traffic to an adversary-owned command and co...") Tag: Visual edit
  • 13:35, 22 January 2023 Ali3nw3rx talk contribs created page Web Services (Created page with "Adversaries may register for web services that can be used during targeting. A variety of popular websites exist for adversaries to register for a web-based service that can be abused during later stages of the adversary lifecycle, such as during Command and Control (Web Service) or Exfiltration Over Web Service. Using common services, such as those offered by Google or Twitter, makes it easier for adversaries to hide in expected noise. By utilizing a web service, advers...") Tag: Visual edit
  • 13:34, 22 January 2023 Ali3nw3rx talk contribs created page Botnet (Created page with "Adversaries may buy, lease, or rent a network of compromised systems that can be used during targeting. A botnet is a network of compromised systems that can be instructed to perform coordinated tasks.[1] Adversaries may purchase a subscription to use an existing botnet from a booter/stresser service. With a botnet at their disposal, adversaries may perform follow-on activity such as large-scale Phishing or Distributed Denial of Service (DDoS).[2][3][4][5] category:Ac...")
  • 13:34, 22 January 2023 Ali3nw3rx talk contribs created page Server (Created page with "Adversaries may buy, lease, or rent physical servers that can be used during targeting. Use of servers allows an adversary to stage, launch, and execute an operation. During post-compromise activity, adversaries may utilize servers for various tasks, including for Command and Control. Instead of compromising a third-party Server or renting a Virtual Private Server, adversaries may opt to configure and run their own servers in support of operations. Adversaries may only...")
  • 13:29, 22 January 2023 Ali3nw3rx talk contribs created page Recon (Redirected page to Category:Reconnaissance) Tag: New redirect
  • 13:27, 22 January 2023 Ali3nw3rx talk contribs created page Virtual Private Server (Created page with "Adversaries may rent Virtual Private Servers (VPSs) that can be used during targeting. There exist a variety of cloud service providers that will sell virtual machines/containers as a service. By utilizing a VPS, adversaries can make it difficult to physically tie back operations to them. The use of cloud infrastructure can also make it easier for adversaries to rapidly provision, modify, and shut down their infrastructure. Acquiring a VPS for use in later stages of the...") Tag: Visual edit: Switched
  • 13:27, 22 January 2023 Ali3nw3rx talk contribs created page DNS Server (Created page with "Adversaries may set up their own Domain Name System (DNS) servers that can be used during targeting. During post-compromise activity, adversaries may utilize DNS traffic for various tasks, including for Command and Control (ex: Application Layer Protocol). Instead of hijacking existing DNS servers, adversaries may opt to configure and run their own DNS servers in support of operations. By running their own DNS servers, adversaries can have more control over how they adm...") Tag: Visual edit
  • 13:23, 22 January 2023 Ali3nw3rx talk contribs created page Domains (Created page with "Adversaries may acquire domains that can be used during targeting. Domain names are the human readable names used to represent one or more IP addresses. They can be purchased or, in some cases, acquired for free. Adversaries may use acquired domains for a variety of purposes, including for Phishing, Drive-by Compromise, and Command and Control.[1] Adversaries may choose domains that are similar to legitimate domains, including through use of homoglyphs or use of a diffe...")
  • 13:22, 22 January 2023 Ali3nw3rx talk contribs created page Category:Acquire Infrastructure (Created page with "Adversaries may buy, lease, or rent infrastructure that can be used during targeting. A wide variety of infrastructure exists for hosting and orchestrating adversary operations. Infrastructure solutions include physical or cloud servers, domains, and third-party web services.[1] Additionally, botnets are available for rent or purchase. Use of these infrastructure solutions allows an adversary to stage, launch, and execute an operation. Solutions may help adversary opera...")
  • 13:20, 22 January 2023 Ali3nw3rx talk contribs created page Category:Resource Development (Created page with "The adversary is trying to establish resources they can use to support operations. Resource Development consists of techniques that involve adversaries creating, purchasing, or compromising/stealing resources that can be used to support targeting. Such resources include infrastructure, accounts, or capabilities. These resources can be leveraged by the adversary to aid in other phases of the adversary lifecycle, such as using purchased domains to support Command and Cont...") Tag: Visual edit
  • 13:12, 22 January 2023 Ali3nw3rx talk contribs deleted page Reconnaissance (content was: "Category:Reconnaissance test page __NEWSECTIONLINK__", and the only contributor was "Ali3nw3rx" (talk))
  • 12:56, 22 January 2023 Ali3nw3rx talk contribs uploaded File:Gaming-logo-generator-with-a-masked-shooter-character-2734l-2927.png
  • 12:56, 22 January 2023 Ali3nw3rx talk contribs created page File:Gaming-logo-generator-with-a-masked-shooter-character-2734l-2927.png
  • 12:44, 22 January 2023 Ali3nw3rx talk contribs uploaded File:Logo-template-featuring-gaming-weapons-3019 (1).png
  • 12:44, 22 January 2023 Ali3nw3rx talk contribs created page File:Logo-template-featuring-gaming-weapons-3019 (1).png
  • 12:43, 22 January 2023 Ali3nw3rx talk contribs uploaded File:Gaming-logo-maker-featuring-robotic-animal-graphics-1028-el1 (2).png
  • 12:43, 22 January 2023 Ali3nw3rx talk contribs created page File:Gaming-logo-maker-featuring-robotic-animal-graphics-1028-el1 (2).png
  • 12:31, 22 January 2023 Ali3nw3rx talk contribs created page Reconnaissance (Created page with "Category:Reconnaissance test page __NEWSECTIONLINK__") Tag: Visual edit
  • 02:34, 22 January 2023 Ali3nw3rx talk contribs created page CrackMapExec (Created page with "CrackMapExec Page Coming Soon....") Tag: Visual edit
  • 18:26, 21 January 2023 Ali3nw3rx talk contribs created page Category:Search Victim-Owned Websites (Created page with "Adversaries may search websites owned by the victim for information that can be used during targeting. Victim-owned websites may contain a variety of details, including names of departments/divisions, physical locations, and data about key employees such as names, roles, and contact info (ex: Email Addresses). These sites may also have details highlighting business operations and relationships.[1] Adversaries may search victim-owned websites to gather actionable informa...")
  • 18:25, 21 January 2023 Ali3nw3rx talk contribs deleted page Categroy: Search Victim-Owned Websites (content was: "Adversaries may search websites owned by the victim for information that can be used during targeting. Victim-owned websites may contain a variety of details, including names of departments/divisions, physical locations, and data about key employees such as names, roles, and contact info (ex: Email Addresses). These sites may also have details highlighting business opera...", and the only contributor was "Ali3nw3rx" (talk))
  • 18:22, 21 January 2023 Ali3nw3rx talk contribs created page Categroy: Search Victim-Owned Websites (Created page with "Adversaries may search websites owned by the victim for information that can be used during targeting. Victim-owned websites may contain a variety of details, including names of departments/divisions, physical locations, and data about key employees such as names, roles, and contact info (ex: Email Addresses). These sites may also have details highlighting business operations and relationships.[1] Adversaries may search victim-owned websites to gather actionable informa...")
  • 18:21, 21 January 2023 Ali3nw3rx talk contribs created page Code Repositories (Created page with "Adversaries may search public code repositories for information about victims that can be used during targeting. Victims may store code in repositories on various third-party websites such as GitHub, GitLab, SourceForge, and BitBucket. Users typically interact with code repositories through a web application or command-line utilities such as git. Adversaries may search various public code repositories for various information about a victim. Public code repositories can...")
  • 18:20, 21 January 2023 Ali3nw3rx talk contribs created page Search Engines (Created page with "Adversaries may use search engines to collect information about victims that can be used during targeting. Search engine services typical crawl online sites to index context and may provide users with specialized syntax to search for specific keywords or specific types of content (i.e. filetypes).[1][2] Adversaries may craft various search engine queries depending on what information they seek to gather. Threat actors may use search engines to harvest general informatio...")
  • 18:18, 21 January 2023 Ali3nw3rx talk contribs created page Social Media (Created page with "Adversaries may search social media for information about victims that can be used during targeting. Social media sites may contain various information about a victim organization, such as business announcements as well as information about the roles, locations, and interests of staff. Adversaries may search in different social media sites depending on what information they seek to gather. Threat actors may passively harvest data from these sites, as well as use informa...")
(newest | oldest) View ( | ) (20 | 50 | 100 | 250 | 500)
Retrieved from "https://rcats.dev/rcats/index.php/Special:Log/Ali3nw3rx"