T1082: System Information Discovery

An adversary may attempt to get detailed information about the operating system and hardware, including version, patches, hotfixes, service packs, and architecture. Adversaries may use the information from System Information Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.

Tools such as Systeminfo can be used to gather detailed system information. A breakdown of system data can also be gathered through the macOS systemsetup command, but requires administrative privileges.

Infrastructure as a Service (laaS) cloud providers such as AWS, GCP, and Azure allow access to instance and virtual machine information via APIs. Successful authenticated API calls can return data such as the operating system platform and status of a particular instance or the model view of a virtual machine.

Example

The systeminfo.exe command will help us get the general and detailed information about the host but we can also use the Get-ComputerInfo from PowerShell

CMD

PowerShell

PreviousT1016: System Network Configuration Discovery NextT1518: Software Discovery

Last updated 4 years ago

Was this helpful?