Adversaries may attempt to get information about running processes on a system. Information obtained could be used to gain an understanding of common software running on systems within the network. Adversaries may use the information from [Process Discovery](https://attack.mitre.org/techniques/T1057) during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.An example command that would obtain details on processes is "tasklist" using the Tasklist utility.
In Mac and Linux, this is accomplished with the
ps
command.
Utilize ps to identify processes
Supported Platforms: macOS, Linux
Name | Description | Type | Default Value |
---|---|---|---|
output_file | path of output file | path | /tmp/loot.txt |
ps >> #{output_file}
ps aux >> #{output_file}
Utilize tasklist to identify processes
Supported Platforms: Windows
tasklist