Ps Tools
1.0.0
Having a good technical understanding of the systems we land on during an engagement is a key condition for deciding what the next step in the operation will be. Collecting and analysing running-process data from compromised systems gives us a wealth of information and helps us better understand how the target organisation's IT landscape is set up. In addition, polling process data at regular intervals allows us to react to changes within the environment or provides triggers when an investigation is started.
To be able to collect detailed process data from compromised endpoints, we wrote a collection of process tools that bring the functionality of these advanced process utilities into C2 frameworks (for example Cobalt Strike).
More information on the tools and the techniques used can be found in the following blog post: https://outflank.nl/blog/2020/03/11/red-team-tactics-advanced-process-monitoring-techniques-in-offensive-operations/
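As an added example (not code from the Ps-Tools project), the polling idea above reduced to a snapshot diff: two constructed process polls are compared so that started and ended processes, PID reuse and newly established TCP connections stand out as triggers. All process names, PIDs and addresses are made up.

```python
from dataclasses import dataclass, field

@dataclass(frozen=True)
class Proc:
    """One row of a process poll: pid, parent pid, image name and the
    process's established TCP connections as (local_port, remote_addr, remote_port)."""
    pid: int
    ppid: int
    name: str
    conns: frozenset = field(default_factory=frozenset)

def diff_polls(before, after):
    """Compare two polls keyed on (pid, name), so a PID reused by a different
    image is reported as one ended and one started process, not as unchanged."""
    b = {(p.pid, p.name): p for p in before}
    a = {(p.pid, p.name): p for p in after}
    name_by_pid = {p.pid: p.name for p in after}
    # started processes, annotated with the parent's image name for context
    started = [(k[0], k[1], name_by_pid.get(a[k].ppid, "?"))
               for k in sorted(set(a) - set(b))]
    ended = sorted(set(b) - set(a))
    # connections present now that were not in the previous poll
    new_conns = sorted(
        (k[0], k[1], c)
        for k in a
        for c in a[k].conns - (b[k].conns if k in b else frozenset())
    )
    return {"started": started, "ended": ended, "new_conns": new_conns}

# Constructed sample polls (hypothetical data, not real captures).
POLL_1 = [
    Proc(4, 0, "System"),
    Proc(1200, 980, "explorer.exe"),
    Proc(2312, 1200, "outlook.exe", frozenset({(51000, "203.0.113.10", 443)})),
    Proc(2900, 1200, "notepad.exe"),
]
POLL_2 = [
    Proc(4, 0, "System"),
    Proc(1200, 980, "explorer.exe"),
    Proc(2312, 1200, "outlook.exe",
         frozenset({(51000, "203.0.113.10", 443), (51004, "203.0.113.10", 443)})),
    Proc(2900, 2312, "powershell.exe",  # PID 2900 reused by a new image
         frozenset({(51012, "198.51.100.7", 8443)})),
]

if __name__ == "__main__":
    for kind, rows in diff_polls(POLL_1, POLL_2).items():
        for row in rows:
            print(kind, row)
```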
Psx: Shows a detailed list of all processes running on the system.
Psk: Shows detailed kernel information including loaded driver modules.
Psc: Shows a detailed list of all processes with Established TCP connections.
Psm: Shows detailed module information for a specific process id (e.g. loaded modules, network connections).
Psh: Shows detailed handle information for a specific process id (e.g. object handles, network connections).
Psw: Shows window titles of processes that have active windows.
Download the Outflank-Ps-Tools folder and load the Ps-Tools.cna script within the Cobalt Strike Script Manager.
Use the Beacon help command to display syntax information.
This project is written in C/C++.
You can use Visual Studio to compile the reflective DLLs from source.
Author: Cornelis de Plaa (@Cneelis) / Outflank
Shout-outs: Stan Hegt (@StanHacked) and all my other great colleagues