17.B) Data from Local System, Data Staged
Cyb3rWard0g opened this issue · 0 comments
Cyb3rWard0g commented
Description
The attacker collects (T1005) and stages (T1074) a file of interest.
1. New-Item -Path "C:\Windows\Temp\" -Name "WindowsParentalControlMigration" -ItemType "directory"
2. Copy-Item "C:\Users\dschrute\Documents\MITRE-ATTACK-EVALS.HTML" -Destination "C:\Windows\Temp\WindowsParentalControlMigration"