T1083: File and Directory Discovery

Adversaries may enumerate files and directories or may search in specific locations of a host or network share for certain information within a file system. Adversaries may use the information from File and Directory Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.

Many command shell utilities can be used to obtain this information. Examples include dir, tree, ls, find, and locate. Custom tools may also be used to gather file and directory information and interact with the Native API.

Example

Simply by using the dir command, we can enumerate directories.
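
From the defender's side, the utilities listed above can be hunted for in process-creation logs. The following is an added example, not part of the original page: it flags a host/user pair that runs several of these commands in a short burst. The log format, field order, threshold and time window are assumptions, and the sample events are constructed.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Utilities the page lists as common file/directory discovery commands.
DISCOVERY_CMDS = {"dir", "tree", "ls", "find", "locate"}

# Constructed sample events (assumed format: "timestamp host user command line").
SAMPLE_LOG = r"""
2024-05-01T10:00:01 ws01 alice cmd.exe /c dir C:\Users
2024-05-01T10:00:05 ws01 alice C:\Windows\System32\tree.com /F C:\Users\alice
2024-05-01T10:00:20 ws01 alice cmd.exe /c dir /s C:\Shares
2024-05-01T10:03:00 srv02 bob /usr/bin/find /etc -name *.conf
2024-05-01T11:30:00 srv02 bob ls -la /home
2024-05-01T11:31:00 srv02 bob notepad.exe
"""

def command_name(cmdline):
    """Return the lower-cased utility name, without path or .exe/.com suffix."""
    tokens = cmdline.split()
    if not tokens:
        return ""
    name = re.split(r"[\\/]", tokens[0])[-1].lower()
    name = re.sub(r"\.(exe|com)$", "", name)
    # dir is a cmd.exe builtin, so it is logged as "cmd.exe /c dir ..."
    if name == "cmd" and len(tokens) >= 3 and tokens[1].lower() == "/c":
        return command_name(" ".join(tokens[2:]))
    return name

def find_bursts(log_text, threshold=3, window=timedelta(seconds=60)):
    """Return sorted (host, user) pairs with >= threshold discovery commands inside window."""
    events = defaultdict(list)
    for line in log_text.splitlines():
        parts = line.split(None, 3)
        if len(parts) < 4:
            continue  # skip blank or malformed lines
        ts, host, user, cmdline = parts
        if command_name(cmdline) in DISCOVERY_CMDS:
            events[(host, user)].append(datetime.fromisoformat(ts))
    flagged = []
    for key, times in events.items():
        times.sort()
        # Sliding window: is the event threshold-1 positions later still within window?
        for i in range(len(times) - threshold + 1):
            if times[i + threshold - 1] - times[i] <= window:
                flagged.append(key)
                break
    return sorted(flagged)

if __name__ == "__main__":
    print(find_bursts(SAMPLE_LOG))
```

On Windows, find.exe is a text-search utility rather than a file finder, so a match on find there deserves less weight than on Linux. Commands typed into an already-open shell do not create a new process for builtins such as dir, so this check only sees them when they are launched through cmd.exe /c.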
