An adversary may attempt to get detailed information about the operating system and hardware, including version, patches, hotfixes, service packs, and architecture.===Windows===
Example commands and utilities that obtain this information include
ver, Systeminfo, anddirwithin cmd for identifying information based on present files and directories.===Mac===
On Mac, the
systemsetupcommand gives a detailed breakdown of the system, but it requires administrative privileges. Additionally, thesystem_profilergives a very detailed breakdown of configurations, firewall rules, mounted volumes, hardware, and many other things without needing elevated permissions.Detection: System and network discovery techniques normally occur throughout an operation as an adversary learns the environment. Data and events should not be viewed in isolation, but as part of a chain of behavior that could lead to other activities based on the information obtained.
Monitor processes and command-line arguments for actions that could be taken to gather system and network information. Remote access tools with built-in features may interact directly with the Windows API to gather information. Information may also be acquired through Windows system management tools such as Windows Management Instrumentation and PowerShell.
Platforms: Linux, macOS, Windows
Data Sources: Process command-line parameters, Process monitoring
Permissions Required: User
Identify System Info
Supported Platforms: Windows
systeminfo
reg query HKLM\SYSTEM\CurrentControlSet\Services\Disk\Enum
Identify System Info
Supported Platforms: Linux, macOS
systemsetup
system_profiler
ls -al /Applications
Identify System Info
Supported Platforms: Linux, macOS
uname -a >> /tmp/loot.txt
cat /etc/lsb-release >> /tmp/loot.txt
cat /etc/redhat-release >> /tmp/loot.txt
uptime >> /tmp/loot.txt