Documentation
¶
Index ¶
- func AVSymantecExtract(ord_map *ordereddict.Dict, options map[string]string)
- func Base64powershellhunter(ord_map *ordereddict.Dict, options map[string]string)
- func BypassReader(label string, input io.Reader) (io.Reader, error)
- func DecodeUtf16XML(r io.Reader, v interface{}) (err error)
- func RDP1029DetermineUsername(ord_map *ordereddict.Dict, options map[string]string)
- func WinRMStringExtract(ord_map *ordereddict.Dict, options map[string]string)
- func XMLScheduledTask(ord_map *ordereddict.Dict, options map[string]string)
- type XMLTask
Constants ¶
This section is empty.
Variables ¶
This section is empty.
Functions ¶
func AVSymantecExtract ¶
func AVSymantecExtract(ord_map *ordereddict.Dict, options map[string]string)
func Base64powershellhunter ¶
func Base64powershellhunter(ord_map *ordereddict.Dict, options map[string]string)
func DecodeUtf16XML ¶
func RDP1029DetermineUsername ¶
func RDP1029DetermineUsername(ord_map *ordereddict.Dict, options map[string]string)
CURENTLY DISABLED!!!! Event ID 1029 - Microsoft-Windows-TerminalServices-RDPClient/Operational.evtx
func WinRMStringExtract ¶
func WinRMStringExtract(ord_map *ordereddict.Dict, options map[string]string)
func XMLScheduledTask ¶
func XMLScheduledTask(ord_map *ordereddict.Dict, options map[string]string)
Types ¶
type XMLTask ¶
type XMLTask struct {
XMLName xml.Name `xml:"Task"`
Version string `xml:"version,attr"`
Xmlns string `xml:"xmlns,attr"`
RegistrationInfo struct {
Author string `xml:"Author"`
Description string `xml:"Description"`
SecurityDescriptor string `xml:"SecurityDescriptor"`
URI string `xml:"URI"`
Version string `xml:"Version"`
Source string `xml:"Source"`
Date string `xml:"Date"`
Documentation string `xml:"Documentation"`
} `xml:"RegistrationInfo"`
Principals struct {
Principal struct {
ID string `xml:"id,attr"`
GroupId string `xml:"GroupId"`
UserId string `xml:"UserId"`
RunLevel string `xml:"RunLevel"`
DisplayName string `xml:"DisplayName"`
LogonType string `xml:"LogonType"`
ProcessTokenSidType string `xml:"ProcessTokenSidType"`
} `xml:"Principal"`
} `xml:"Principals"`
Settings struct {
DisallowStartIfOnBatteries bool `xml:"DisallowStartIfOnBatteries"`
StopIfGoingOnBatteries bool `xml:"StopIfGoingOnBatteries"`
Enabled bool `xml:"Enabled"`
MultipleInstancesPolicy string `xml:"MultipleInstancesPolicy"`
StartWhenAvailable string `xml:"StartWhenAvailable"`
AllowHardTerminate bool `xml:"AllowHardTerminate"`
RunOnlyIfNetworkAvailable bool `xml:"RunOnlyIfNetworkAvailable"`
AllowStartOnDemand bool `xml:"AllowStartOnDemand"`
Hidden bool `xml:"Hidden"`
RunOnlyIfIdle bool `xml:"RunOnlyIfIdle"`
DisallowStartOnRemoteAppSession bool `xml:"DisallowStartOnRemoteAppSession"`
UseUnifiedSchedulingEngine bool `xml:"UseUnifiedSchedulingEngine"`
WakeToRun bool `xml:"WakeToRun"`
ExecutionTimeLimit string `xml:"ExecutionTimeLimit"`
DeleteExpiredTaskAfter string `xml:"DeleteExpiredTaskAfter"`
Priority string `xml:"Priority"`
NetworkProfileName string `xml:"NetworkProfileName"`
IdleSettings struct {
Duration string `xml:"Duration"`
WaitTimeout string `xml:"WaitTimeout"`
StopOnIdleEnd string `xml:"StopOnIdleEnd"`
RestartOnIdle string `xml:"RestartOnIdle"`
} `xml:"IdleSettings"`
RestartOnFailure struct {
Interval string `xml:"Interval"`
Count string `xml:"Count"`
} `xml:"RestartOnFailure"`
} `xml:"Settings"`
Triggers struct {
LogonTrigger []struct {
ID string `xml:"id,attr"`
StartBoundary string `xml:"StartBoundary"`
EndBoundary string `xml:"EndBoundary"`
Delay string `xml:"Delay"`
Enabled string `xml:"Enabled"`
Repetition struct {
Interval string `xml:"Interval"`
} `xml:"Repetition"`
} `xml:"LogonTrigger"`
CalendarTrigger []struct {
ID string `xml:"id,attr"`
StartBoundary string `xml:"StartBoundary"`
Repetition struct {
Interval string `xml:"Interval"`
Duration string `xml:"Duration"`
} `xml:"Repetition"`
ScheduleByDay struct {
DaysInterval string `xml:"DaysInterval"`
} `xml:"ScheduleByDay"`
} `xml:"CalendarTrigger"`
EventTrigger []struct {
Enabled string `xml:"Enabled"`
ExecutionTimeLimit string `xml:"ExecutionTimeLimit"`
Delay string `xml:"Delay"`
Repetition struct {
Interval string `xml:"Interval"`
Duration string `xml:"Duration"`
} `xml:"Repetition"`
Subscription string `xml:"Subscription"`
} `xml:"EventTrigger"`
TimeTrigger []struct {
ID string `xml:"id,attr"`
StartBoundary string `xml:"StartBoundary"`
EndBoundary string `xml:"EndBoundary"`
Enabled bool `xml:"Enabled"`
} `xml:"TimeTrigger"`
BootTrigger []struct {
Enabled string `xml:"Enabled"`
Delay string `xml:"Delay"`
} `xml:"BootTrigger"`
RegistrationTrigger []struct {
Delay string `xml:"Delay"`
} `xml:"RegistrationTrigger"`
IdleTrigger []struct {
ID string `xml:"id,attr"`
Repetition struct {
Interval string `xml:"Interval"`
} `xml:"Repetition"`
} `xml:"IdleTrigger"`
SessionStateChangeTrigger []struct {
StateChange string `xml:"StateChange"`
} `xml:"SessionStateChangeTrigger"`
} `xml:"Triggers"`
Actions struct {
Context string `xml:"Context,attr"`
Exec []struct {
Command string `xml:"Command"`
Arguments string `xml:"Arguments"`
WorkingDirectory string `xml:"WorkingDirectory"`
} `xml:"Exec"`
ComHandler []struct {
ClassId string `xml:"ClassId"`
Data string `xml:"Data"`
} `xml:"ComHandler"`
SendEmail []struct {
Server string `xml:"Server"`
Subject string `xml:"Subject"`
To string `xml:"To"`
Cc string `xml:"Cc"`
Bcc string `xml:"Bcc"`
ReplyTo string `xml:"ReplyTo"`
From string `xml:"From"`
//HeaderFields string `xml:"HeaderFields"`
Body string `xml:"Body"`
} `xml:"SendEmail"`
ShowMessage []struct {
Title string `xml:"Title"`
Body string `xml:"Body"`
} `xml:"ShowMessage"`
} `xml:"Actions"`
}
Source Files
Click to show internal directories.
Click to hide internal directories.