Ps Tools
1.0.0
Having a good technical understanding of the systems we land on during an engagement is a key condition for deciding what the next step in the operation will be. Collecting and analysing running process data from compromised systems provides us with a wealth of information and helps us better understand how the IT landscape of the target organisation is set up. Furthermore, periodically polling process data allows us to react to changes within the environment, or to provide triggers while an investigation is taking place.
To be able to collect detailed process data from compromised endpoints, we wrote a collection of process tools that bring the power of these advanced process utilities to C2 frameworks (e.g. Cobalt Strike).
More information about the tools and the techniques used can be found in the following blog post: https://outflank.nl/blog/2020/03/11/red-team-tactics-advanced-process-monitoring-techniques-in-offensive-operations/
Psx: Shows a detailed list of all processes running on the system.
Psk: Shows detailed kernel information including loaded driver modules.
Psc: Shows a detailed list of all processes with Established TCP connections.
Psm: Shows detailed module information for a specific process id (e.g. loaded modules, network connections).
Psh: Shows detailed handle information for a specific process id (e.g. object handles, network connections).
Psw: Shows window titles of processes that have active windows.
Download the Outflank-Ps-Tools folder and load the Ps-Tools.cna script within the Cobalt Strike Script Manager.
Use the Beacon help command to display syntax information.
This project is written in C/C++.
You can use Visual Studio to compile the reflective DLLs from source.
Author: Cornelis de Plaa (@Cneelis) / Outflank
Shout-outs: Stan Hegt (@StanHacked) and all my other great colleagues