From 7ca45722d922e150cdf016e60a1ed8d25f5d36ef Mon Sep 17 00:00:00 2001
From: Steven Dick <38897662+nterl0k@users.noreply.github.com>
Date: Fri, 27 Dec 2024 08:22:14 -0500
Subject: [PATCH] initial upload
---
.../netexec_toolkit_usage/netexec_toolkit_usage.log | 3 +++
.../netexec_toolkit_usage/netexec_toolkit_usage.yml | 13 +++++++++++++
2 files changed, 16 insertions(+)
create mode 100644 datasets/attack_techniques/T1550/netexec_toolkit_usage/netexec_toolkit_usage.log
create mode 100644 datasets/attack_techniques/T1550/netexec_toolkit_usage/netexec_toolkit_usage.yml
diff --git a/datasets/attack_techniques/T1550/netexec_toolkit_usage/netexec_toolkit_usage.log b/datasets/attack_techniques/T1550/netexec_toolkit_usage/netexec_toolkit_usage.log
new file mode 100644
index 00000000..baacca7d
--- /dev/null
+++ b/datasets/attack_techniques/T1550/netexec_toolkit_usage/netexec_toolkit_usage.log
@@ -0,0 +1,3 @@
+version https://git-lfs.github.com/spec/v1
+oid sha256:b60c3c509a1fd6d15b69773ec6d64939e2554e7ef6ee5698f6b9505814e3e8d6
+size 147059
diff --git a/datasets/attack_techniques/T1550/netexec_toolkit_usage/netexec_toolkit_usage.yml b/datasets/attack_techniques/T1550/netexec_toolkit_usage/netexec_toolkit_usage.yml
new file mode 100644
index 00000000..a152f714
--- /dev/null
+++ b/datasets/attack_techniques/T1550/netexec_toolkit_usage/netexec_toolkit_usage.yml
@@ -0,0 +1,13 @@
+author: Steven Dick
+id: 20d4ad98-e216-4a23-a731-84ebf077aecc
+date: '2024-12-19'
+description: 'A set of events related the usage of NetExec attacker toolkit.'
+environment: attack_range
+dataset:
+- https://media.githubusercontent.com/media/splunk/attack_data/master/datasets/attack_techniques/T1550/netexec_toolkit_usage/netexec_toolkit_usage.log
+sourcetypes:
+- XmlWinEventLog
+references:
+- https://www.netexec.wiki/
+- https://www.johnvictorwolfe.com/2024/07/21/the-successor-to-crackmapexec/
+- https://attack.mitre.org/software/S0488/
\ No newline at end of file
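Review bot: The `description` in netexec_toolkit_usage.yml does not say what the capture holds, so a detection author cannot tell which analytics this dataset can validate without pulling the LFS log; it should name the Windows event channels recorded under `XmlWinEventLog` and the kind of NetExec activity that produced them. The same line has a typo and would read better as `description: 'A set of events related to the usage of the NetExec attacker toolkit.'` with the coverage detail appended. The last reference, `https://attack.mitre.org/software/S0488/`, appears to be the ATT&CK software entry for CrackMapExec rather than NetExec; that is consistent with the "successor" reference above it, but a short comment such as `# ATT&CK entry for CrackMapExec, NetExec's predecessor` would keep it from reading as a mistaken ID. The file also ends without a trailing newline.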