Adversaries may attempt to get a listing of open application windows. Window listings could convey information about how the system is used or give context to information collected by a keylogger. On macOS, this can be done natively with a small AppleScript script.
Compiles and executes C# code to list main window titles associated with each process.
Supported Platforms: Windows
Name | Description | Type | Default Value |
---|---|---|---|
input_url | URL to source code in Atomic-Red-Team git repository | Url | https://raw.githubusercontent.com/redcanaryco/atomic-red-team/master/atomics/T1010/src/T1010.cs |
input_source_code | Path to source of C# code | path | PathToAtomicsFolder\T1010\src\T1010.cs |
output_file_name | Name of output binary | string | $env:TEMP\T1010.exe |
Attack commands:
C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe -out:#{output_file_name} #{input_source_code}
#{output_file_name}
Cleanup command:
del /f /q /s #{output_file_name} >nul 2>&1
Prerequisite check (PowerShell):
if (Test-Path #{input_source_code}) {exit 0} else {exit 1}
Get prerequisite (PowerShell):
Invoke-WebRequest "#{input_url}" -OutFile "#{input_source_code}"
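The compile-then-run pattern this test produces (csc.exe writing a binary with `-out:`, then that binary starting as a process) can be matched in process-creation telemetry. The following is an added detection example, not part of the Atomic Red Team test; the event field names, hosts and paths are constructed assumptions.

```python
import re

# Constructed, time-ordered process-creation records. Field names are assumptions,
# not a particular EDR or Sysmon schema; paths are shown already expanded.
SAMPLE_EVENTS = [
    {"host": "ws01", "image": r"C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe",
     "command_line": r"csc.exe -out:C:\Users\u\AppData\Local\Temp\T1010.exe C:\atomics\T1010\src\T1010.cs"},
    {"host": "ws01", "image": r"c:\users\u\appdata\local\temp\t1010.exe",
     "command_line": r"C:\Users\u\AppData\Local\Temp\T1010.exe"},
    {"host": "ws02", "image": r"C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe",
     "command_line": r'csc.exe /out:"C:\build\app.exe" C:\src\app.cs'},
    # Same path as the ws02 build output, but on another host: must not match.
    {"host": "ws01", "image": r"C:\build\app.exe", "command_line": r"C:\build\app.exe"},
]

# csc.exe accepts both -out: and /out:, with or without quotes around the path.
OUT_ARG = re.compile(r'[-/]out:(?:"([^"]+)"|(\S+))', re.IGNORECASE)

def norm(path):
    """Normalise a Windows path for comparison (case-insensitive, backslashes)."""
    return path.strip('"').replace("/", "\\").lower()

def find_compile_then_run(events):
    """Return one hit per process whose image was earlier written by csc.exe on the same host."""
    compiled = {}  # (host, normalised output path) -> index of the compile event
    hits = []
    for idx, ev in enumerate(events):
        image = norm(ev["image"])
        if (ev["host"], image) in compiled:
            hits.append({"host": ev["host"], "binary": image,
                         "compile_idx": compiled[(ev["host"], image)], "run_idx": idx})
        if image.endswith("\\csc.exe"):
            m = OUT_ARG.search(ev["command_line"])
            if m:
                compiled[(ev["host"], norm(m.group(1) or m.group(2)))] = idx
    return hits

if __name__ == "__main__":
    for hit in find_compile_then_run(SAMPLE_EVENTS):
        print(hit)
```

Legitimate developer builds also compile and run binaries, so in practice the hit list is narrowed by output location (for example user-writable temp directories) and by the parent process.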