User contributions for Ali3nw3rx

Search for contributionsExpandCollapse
⧼contribs-top⧽
⧼contribs-date⧽
(newest | oldest) View ( | ) (20 | 50 | 100 | 250 | 500)

21 February 2023

5 February 2023

1 February 2023

28 January 2023

26 January 2023

  • 18:4718:47, 26 January 2023 diff hist +171 N Template:Test pageCreated page with "== This is our test page == == section 1 == === code we want to grab === == section 2 == === more code to grab === <syntaxhighlight> some random code </syntaxhighlight>" current
  • 18:2318:23, 26 January 2023 diff hist +29 N Test cheat sheetCreated page with "enumeration"
  • 17:5217:52, 26 January 2023 diff hist +27 Category:Scheduled Task/JobNo edit summary current
  • 16:2016:20, 26 January 2023 diff hist +435 N Category:PersistenceCreated page with "The adversary is trying to maintain their foothold. Persistence consists of techniques that adversaries use to keep access to systems across restarts, changed credentials, and other interruptions that could cut off their access. Techniques used for persistence include any access, action, or configuration changes that let them maintain their foothold on systems, such as replacing or hijacking legitimate code or adding startup code."
  • 16:1416:14, 26 January 2023 diff hist 0 m Category:ExecutionProtected "Category:Execution" ([Edit=Allow only administrators] (indefinite) [Move=Allow only administrators] (indefinite))
  • 16:0516:05, 26 January 2023 diff hist +775 N Container Orchestration JobCreated page with "Adversaries may abuse task scheduling functionality provided by container orchestration tools such as Kubernetes to schedule deployment of containers configured to execute malicious code. Container orchestration jobs run these automated tasks at a specific date and time, similar to cron jobs on a Linux system. Deployments of this type can also be configured to maintain a quantity of containers over time, automating the process of maintaining persistence within a cluster...." current
  • 16:0516:05, 26 January 2023 diff hist +1,173 N Systemd TimersCreated page with "Adversaries may abuse systemd timers to perform task scheduling for initial or recurring execution of malicious code. Systemd timers are unit files with file extension .timer that control services. Timers can be set to run on a calendar event or after a time span relative to a starting point. They can be used as an alternative to Cron in Linux environments.[1] Systemd timers may be activated remotely via the systemctl command line utility, which operates over SSH.[2] Ea..." current
  • 16:0416:04, 26 January 2023 diff hist +1,769 N Scheduled TaskCreated page with "Adversaries may abuse the Windows Task Scheduler to perform task scheduling for initial or recurring execution of malicious code. There are multiple ways to access the Task Scheduler in Windows. The schtasks utility can be run directly on the command line, or the Task Scheduler can be opened through the GUI within the Administrator Tools section of the Control Panel. In some cases, adversaries have used a .NET wrapper for the Windows Task Scheduler, and alternatively, ad..."
  • 16:0316:03, 26 January 2023 diff hist +546 N CronCreated page with "Adversaries may abuse the cron utility to perform task scheduling for initial or recurring execution of malicious code.[1] The cron utility is a time-based job scheduler for Unix-like operating systems. The crontab file contains the schedule of cron entries to be run and the specified times for execution. Any crontab files are stored in operating system-specific file paths. An adversary may use cron in Linux or Unix environments to execute programs at system startup or..." current
  • 16:0316:03, 26 January 2023 diff hist +1,444 N AtCreated page with "Adversaries may abuse the at utility to perform task scheduling for initial or recurring execution of malicious code. The at utility exists as an executable within Windows, Linux, and macOS for scheduling tasks at a specified time and date. Although deprecated in favor of Scheduled Task's schtasks in Windows environments, using at requires that the Task Scheduler service be running, and the user to be logged on as a member of the local Administrators group. On Linux and..." current
  • 16:0216:02, 26 January 2023 diff hist +987 N Category:Scheduled Task/JobCreated page with "Adversaries may abuse task scheduling functionality to facilitate initial or recurring execution of malicious code. Utilities exist within all major operating systems to schedule programs or scripts to be executed at a specified date and time. A task can also be scheduled on a remote system, provided the proper authentication is met (ex: RPC and file and printer sharing in Windows environments). Scheduling a task on a remote system typically may require being a member of..."
  • 15:1615:16, 26 January 2023 diff hist +437 N Category:ExecutionCreated page with "The adversary is trying to run malicious code. Execution consists of techniques that result in adversary-controlled code running on a local or remote system. Techniques that run malicious code are often paired with techniques from all other tactics to achieve broader goals, like exploring a network or stealing data. For example, an adversary might use a remote access tool to run a PowerShell script that does Remote System Discovery."

22 January 2023

  • 14:5614:56, 22 January 2023 diff hist +538 Template:WriteupNo edit summary current
  • 14:4714:47, 22 January 2023 diff hist +311 N Template:WriteupCreated page with "==Box Info== <syntaxhighlight> * Box Name * Box IP * Date </syntaxhighlight> ==Enumeration== ===Credentials=== <syntaxhighlight> * Usernames * Passwords * Hashes * Notes </syntaxhighlight> ===NMAP=== ===LINWINPWN=== ===DIR SEARCH=== ==Exploits== ==Foot Hold== ==Privilege Escalation== ==Pivot/Lateral Movement=="
(newest | oldest) View ( | ) (20 | 50 | 100 | 250 | 500)