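---
# Ability: host and OS discovery, mapped to ATT&CK T1082.
# Nesting is restored from the key order; the captured listing had lost its
# indentation and carried table-gutter residue between lines.
id: caldera-test-001
name: Get System Info
# NOTE(review): the description names whoami/systeminfo, but the Linux executor
# below runs uname and reads /etc/os-release instead.
description: Collect basic system information using whoami and systeminfo commands
tactic: discovery
technique:
  # NOTE(review): whoami is account discovery (ATT&CK T1033, System Owner/User
  # Discovery). Results from this ability are recorded under T1082 only, so
  # detection coverage for T1033 should not be inferred from it.
  attack_id: T1082
  name: System Information Discovery
platforms:
  windows:
    # The two Windows executors are not equivalent: psh runs `whoami /all`
    # (user, group memberships and privileges), cmd runs plain `whoami`
    # (account name only). Expect process-creation telemetry for whoami.exe
    # and systeminfo.exe from either one.
    psh:
      command: |
        whoami /all
        systeminfo
      cleanup: ""
    cmd:
      command: |
        whoami
        systeminfo
      # Added for parity with the psh and sh executors. The commands only read
      # state, so there is nothing to undo.
      cleanup: ""
  linux:
    sh:
      command: |
        uname -a
        cat /etc/os-release
      cleanup: ""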
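---
# Ability: network connection discovery, mapped to ATT&CK T1049.
# Nesting is restored from the key order; the captured listing had lost its
# indentation and carried table-gutter residue between lines.
id: caldera-test-002
name: List Network Connections
description: Enumerate active network connections and listening ports
tactic: discovery
technique:
  attack_id: T1049
  name: System Network Connections Discovery
platforms:
  windows:
    psh:
      # Get-NetTCPConnection reports TCP only (all states); UDP endpoints are
      # not listed. The Select-Object projection also drops OwningProcess, so
      # the Windows output has no process attribution, unlike the Linux -p flag.
      command: |
        Get-NetTCPConnection | Select-Object LocalAddress, LocalPort, RemoteAddress, RemotePort, State
      cleanup: ""
  linux:
    sh:
      # Uses -a (all sockets) rather than -l (listening only), so established
      # connections are reported as the description and T1049 require and the
      # output is comparable to the Windows executor.
      # ss runs only if netstat exits non-zero (e.g. net-tools not installed).
      # Without root, -p attributes only the invoking user's sockets.
      # NOTE(review): detections keyed on the exact string `netstat -tulnp`
      # need updating to match.
      command: |
        netstat -tuanp 2>/dev/null || ss -tuanp
      cleanup: ""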