Discovery of Network Environment via Built-in Tools

Built-in tools can be used to enumerate and discover the network environment on Unix systems.

id:fd7a0c56-60fa-4f14-8c8e-0e41ad955725
categories:enrich
confidence:low
os:macos, linux
created:7/26/2019
updated:7/26/2019

MITRE ATT&CK™ Mapping

tactics:Discovery
techniques:T1016 System Network Configuration Discovery

Query

process where subtype.create and (
  process_name in ("ifconfig", "arp", "networkctl", "netstat", "route", "ntop") or (
    process_name in ("cat", "more", "less", "vim", "vi", "nano", "gedit") and
    command_line == "* /etc/hosts*"
  )
)
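As an added example that is not part of the original analytic, the Python below reproduces the query's logic over constructed process-creation events; EQL's `*` wildcard is approximated with fnmatch (an assumption), and the last sample event shows a shell wrapper the rule as written does not surface.

```python
# Added example (not the original analytic): evaluates the query's logic over
# constructed process-creation events to show which ones it would flag.
from fnmatch import fnmatchcase

NET_TOOLS = {"ifconfig", "arp", "networkctl", "netstat", "route", "ntop"}
FILE_VIEWERS = {"cat", "more", "less", "vim", "vi", "nano", "gedit"}
HOSTS_PATTERN = "* /etc/hosts*"  # EQL-style wildcard, taken from the query


def matches(event: dict) -> bool:
    """Return True if a process event satisfies the analytic's conditions."""
    # "process where subtype.create": only process-creation events qualify.
    if event.get("event_subtype") != "create":
        return False
    name = event.get("process_name", "")
    cmd = event.get("command_line", "")
    if name in NET_TOOLS:
        return True
    # Assumption: EQL '*' wildcard matching is approximated with fnmatch
    # (only '*' is used in the pattern, so no '[' or '?' surprises here).
    return name in FILE_VIEWERS and fnmatchcase(cmd, HOSTS_PATTERN)


# Constructed sample events (not real telemetry).
SAMPLE_EVENTS = [
    {"event_subtype": "create", "process_name": "ifconfig", "command_line": "ifconfig -a"},
    {"event_subtype": "create", "process_name": "cat", "command_line": "cat /etc/hosts"},
    {"event_subtype": "create", "process_name": "cat", "command_line": "cat /etc/passwd"},
    {"event_subtype": "create", "process_name": "less", "command_line": "less /etc/hosts.allow"},
    {"event_subtype": "terminate", "process_name": "netstat", "command_line": "netstat -an"},
    # A shell wrapper: process_name is "bash", so neither branch of the rule fires.
    {"event_subtype": "create", "process_name": "bash", "command_line": "bash -c 'cat /etc/hosts'"},
]


def flagged(events) -> list:
    """Command lines of the events the analytic would surface, in input order."""
    return [e["command_line"] for e in events if matches(e)]


if __name__ == "__main__":
    for line in flagged(SAMPLE_EVENTS):
        print("flagged:", line)
```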

Contributors