valitydev/atomic-threat-coverage
14
0
Fork 0
mirror of https://github.com/valitydev/atomic-threat-coverage.git synced 2024-11-06 17:45:23 +00:00
Code Issues Actions Packages Projects Releases Wiki Activity
9b87010e92
atomic-threat-coverage/Atomic_Threat_Coverage/Triggers/T1010.md
yugoslavskiy f79f50bec3 changed directories names
2019-02-12 04:55:11 +01:00

1.2 KiB
Raw Blame History

T1010 - Application Window Discovery

Description from ATT&CK

Adversaries may attempt to get a listing of open application windows. Window listings could convey information about how the system is used or give context to information collected by a keylogger.

In Mac, this can be done natively with a small AppleScript script.

Atomic Tests


Atomic Test #1 - List Process Main Windows - C# .NET

Compiles and executes C# code to list main window titles associated with each process.

Supported Platforms: Windows

Inputs

Name Description Type Default Value
input_source_code Path to source of C# code path C:\AtomicRedTeam\atomics\T1010\src\T1010.cs
output_file_name Name of output binary string T1010.exe

Run it with command_prompt!

C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe -out:#{output_file_name} #{input_source_code}
#{output_file_name}