CYBERSECURITY JOB HUNTING GUIDE
Execution
Author: Stefan Waldvogel
Summary:
T1059.001 PowerShell
all 15 cases detected
T1059.003 Windows Command Shell
all 2 cases detected, but not the script
T1059.005 Visual Basic
-not tested, Word not installed-
T1559.002 Dynamic Data Exchange
all cases detected, but not specific
T1106 Native API
case detected
T1053.002 At (Windows)
case detected
T1053.005 Scheduled Task
all 5 cases detected (1 case required Word, not installed), 3 cases with details
T1569.002 Service Execution
all 8 cases detected, 5 with details
T1204.002 Malicious File
7 cases with Word (not installed), one case detected
T1047 Windows Management Instrumentation
7 out of 8 detected, Test 5 not detected (there is a good reason for this)
© 2021. This work is licensed under a CC BY-SA 4.0 license