T1082.md


T1082 - System Information Discovery

An adversary may attempt to get detailed information about the operating system and hardware, including version, patches, hotfixes, service packs, and architecture.

Windows

Example commands and utilities that obtain this information include ver, Systeminfo, and dir within cmd for identifying information based on present files and directories.

Mac

On Mac, the systemsetup command gives a detailed breakdown of the system, but it requires administrative privileges. Additionally, system_profiler gives a very detailed breakdown of configurations, firewall rules, mounted volumes, hardware, and many other things without needing elevated permissions.

Atomic Tests


Atomic Test #1 - System Information Discovery

Identify System Info

Supported Platforms: Windows

Run it with command_prompt!

systeminfo
reg query HKLM\SYSTEM\CurrentControlSet\Services\Disk\Enum


Atomic Test #2 - System Information Discovery

Identify System Info

Supported Platforms: Linux, macOS

Run it with sh!

systemsetup
system_profiler
ls -al /Applications


Atomic Test #3 - List OS Information

Identify System Info

Supported Platforms: Linux, macOS

Run it with sh!

uname -a >> /tmp/loot.txt
cat /etc/lsb-release >> /tmp/loot.txt
cat /etc/redhat-release >> /tmp/loot.txt
uptime >> /tmp/loot.txt
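
Detection sketch for the tests above, as an added example that is not part of the original page or of the Atomic Red Team project: it flags a host and user pair that runs several distinct discovery commands from this page within a short window, since any one of them alone is routine. The event tuple layout, the 60-second window, the threshold of 3 and the sample events are assumptions made for illustration.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Commands taken from the atomic tests on this page, matched on process command lines.
PATTERNS = {
    "systeminfo": re.compile(r"^systeminfo(\.exe)?\b", re.I),
    "reg-disk-enum": re.compile(r"^reg(\.exe)?\s+query\s+.*\\Services\\Disk\\Enum", re.I),
    "systemsetup": re.compile(r"^(/usr/sbin/)?systemsetup\b"),
    "system_profiler": re.compile(r"^(/usr/sbin/)?system_profiler\b"),
    "uname": re.compile(r"^(/usr/bin/|/bin/)?uname\s+-a\b"),
    "os-release-read": re.compile(r"^(/usr/bin/|/bin/)?cat\s+/etc/(lsb|redhat)-release\b"),
    "uptime": re.compile(r"^(/usr/bin/)?uptime\b"),
}

def classify(cmdline):
    """Return the name of the first pattern matching the command line, else None."""
    for name, rx in PATTERNS.items():
        if rx.search(cmdline.strip()):
            return name
    return None

def find_bursts(events, window=timedelta(seconds=60), threshold=3):
    """Flag (host, user) pairs running >= threshold distinct discovery commands within window."""
    hits = defaultdict(list)
    for ts, host, user, cmdline in events:
        name = classify(cmdline)
        if name:
            hits[(host, user)].append((datetime.fromisoformat(ts), name))
    alerts = []
    for key, seen in hits.items():
        seen.sort()
        for i, (start, _) in enumerate(seen):
            names = {n for t, n in seen[i:] if t - start <= window}
            if len(names) >= threshold:
                alerts.append((key[0], key[1], sorted(names)))
                break
    return alerts

# Constructed sample events: (timestamp, host, user, command line).
SAMPLE = [
    ("2024-01-01T10:00:00", "web01", "www-data", "uname -a"),
    ("2024-01-01T10:00:01", "web01", "www-data", "cat /etc/lsb-release"),
    ("2024-01-01T10:00:02", "web01", "www-data", "cat /etc/redhat-release"),
    ("2024-01-01T10:00:03", "web01", "www-data", "uptime"),
    ("2024-01-01T11:00:00", "dev02", "alice", "uname -a"),
    ("2024-01-01T10:05:00", "ws03", "bob", "systeminfo"),
    ("2024-01-01T10:05:04", "ws03", "bob", r"reg query HKLM\SYSTEM\CurrentControlSet\Services\Disk\Enum"),
]
```

The `>> /tmp/loot.txt` redirection in Atomic Test #3 is performed by the shell and never appears in the argv of uname, cat or uptime, so catching the output file requires file-write telemetry rather than process command lines.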