System Information Discovery

Knowledge is power, particularly in network security

Posted by Xi Qang on January 2, 2018
System Information Discovery is yet another technique attackers employ to learn about the infected system and observe its environment. After gaining initial access to a target system, threat actors frequently gather environmental data, and the data obtained through this technique informs the adversary's choice of attack strategy.

1. Systeminfo (Windows)

Systeminfo is a native utility of Windows that offers comprehensive configuration details on a system and its operating system, such as:

Operating System Configuration: OS name, version, manufacturer, configuration, OS build type, registered owner, registered organization, original install date, system locale, input locale, product ID, time zone, logon server, and original install locale

Hardware properties: total physical memory, available physical memory, processors, network cards, RAM, and virtual memory

Additional system information: Windows directory, system directory, BIOS version, system boot time, system manufacturer, model, and type, as well as boot device

Connection Manager service profiles are installed with the built-in Windows command-line tool CMSTP (the Microsoft Connection Manager Profile Installer). By supplying CMSTP.exe with installation information (.inf) files that carry malicious commands, adversaries use the signed binary to proxy the execution of those commands.

"One single vulnerability is all an attacker needs." - Window Snyder

2. Systemsetup (macOS)

systemsetup is a macOS command that lets users read and change particular per-machine settings that are normally managed in the System Preferences application. For system information discovery, systemsetup can be combined with the following options:

It should be noted that the systemsetup command needs at least "admin" privileges to be executed.
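The Windows and macOS sections above describe what systeminfo and systemsetup reveal, and the CMSTP paragraph describes how a signed installer can be used to proxy commands from an .inf file. What a defender wants from that is telemetry: all three show up as process-creation events. The following is an added example, not code from the original post, that scores constructed process-creation log lines in a simple key=value format (an assumption; Sysmon, EDR and macOS unified-log records look different and need their own parser). The list of "interactive" parent processes is a made-up baseline; tune it to your own environment.

```python
"""
Detection sketch for discovery-tool and CMSTP proxy-execution telemetry.

Added example (not from the original post).  Flags:
  * systeminfo.exe (Windows) and systemsetup (macOS) executions; severity
    is "low" from an interactive shell and "high" from any other parent,
    because scripted discovery right after initial access rarely comes
    from a user typing at a prompt;
  * cmstp.exe whose command line references an .inf file that does not
    live under the Windows directory.
"""
import re
from dataclasses import dataclass

# Constructed sample telemetry (not real logs).  One event per line,
# space-separated key=value pairs, quoted when the value contains spaces.
SAMPLE_LOG = """\
ts=2018-01-02T09:15:01Z host=WS01 user=alice image=C:\\Windows\\System32\\systeminfo.exe parent=C:\\Windows\\System32\\cmd.exe cmdline="systeminfo"
ts=2018-01-02T09:16:44Z host=WS02 user=svc_backup image=C:\\Windows\\System32\\systeminfo.exe parent=C:\\Users\\Public\\update.exe cmdline="systeminfo"
ts=2018-01-02T09:17:10Z host=MAC01 user=root image=/usr/sbin/systemsetup parent=/usr/bin/python cmdline="systemsetup -getcomputername"
ts=2018-01-02T09:18:03Z host=WS02 user=svc_backup image=C:\\Windows\\System32\\cmstp.exe parent=C:\\Users\\Public\\update.exe cmdline="cmstp.exe C:\\Users\\Public\\profile.inf"
ts=2018-01-02T09:19:20Z host=WS03 user=bob image=C:\\Windows\\System32\\notepad.exe parent=C:\\Windows\\explorer.exe cmdline="notepad.exe"
"""

KV_RE = re.compile(r'(\w+)=("([^"]*)"|(\S+))')

# Assumed baseline of parents that indicate a human at a prompt.
INTERACTIVE_PARENTS = {"cmd.exe", "powershell.exe", "explorer.exe",
                       "bash", "zsh", "sh", "terminal"}
DISCOVERY_TOOLS = {"systeminfo.exe", "systemsetup"}


@dataclass
class Finding:
    host: str
    user: str
    rule: str
    severity: str


def parse_event(line: str) -> dict:
    """Turn one key=value line into a dict; quoted values keep their spaces."""
    out = {}
    for m in KV_RE.finditer(line):
        out[m.group(1)] = m.group(3) if m.group(3) is not None else m.group(4)
    return out


def basename(path: str) -> str:
    """Last path component, lower-cased, for both \\ and / separators."""
    return re.split(r"[\\/]", path)[-1].lower()


def evaluate(event: dict) -> list:
    image = basename(event.get("image", ""))
    parent = basename(event.get("parent", ""))
    cmdline = event.get("cmdline", "")
    host, user = event.get("host", "?"), event.get("user", "?")
    findings = []

    if image in DISCOVERY_TOOLS:
        severity = "low" if parent in INTERACTIVE_PARENTS else "high"
        findings.append(Finding(host, user, f"discovery:{image}", severity))

    if image == "cmstp.exe":
        # Any .inf argument outside C:\Windows\ is suspicious for a profile install.
        inf_paths = re.findall(r"\S+\.inf\b", cmdline, flags=re.IGNORECASE)
        if any(not p.lower().startswith("c:\\windows\\") for p in inf_paths):
            findings.append(Finding(host, user, "cmstp:inf-outside-windows-dir", "high"))
    return findings


def scan(log_text: str) -> list:
    """Evaluate every non-empty line and return all findings in log order."""
    findings = []
    for line in log_text.splitlines():
        if line.strip():
            findings.extend(evaluate(parse_event(line)))
    return findings


if __name__ == "__main__":
    for f in scan(SAMPLE_LOG):
        print(f"[{f.severity:4}] {f.host} {f.user} {f.rule}")
```

On the constructed input the interactive systeminfo run on WS01 is scored low, while the same binary launched from an executable in a user-writable directory, the scripted systemsetup call, and the cmstp.exe run with a non-Windows .inf file are all scored high. Correlating the two high findings on WS02 by parent process is the natural next step.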

...

Adversaries also use cloud provider APIs to retrieve data about cloud infrastructure instances. Each Infrastructure-as-a-Service (IaaS) provider, including Amazon Web Services (AWS), Microsoft Azure, and Google Cloud Platform (GCP), has its own API call for obtaining instance information.

AWS's describe-instance-information call (part of Systems Manager) provides details on instances, such as the computer name, instance ID, IP address, OS type, OS name, and OS version.
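Because the AWS call above goes through a provider API, the defender's telemetry is the audit trail rather than a process log. The following is an added example, not code from the original post, that reviews constructed CloudTrail-style records for DescribeInstanceInformation calls and raises a finding when the calling principal is not allow-listed, the source address is outside the expected network, or one principal makes a burst of calls. The allow-listed role ARN, the expected network range, the burst threshold and the sample records are all made up for the example; the eventSource/eventName field values are the ones CloudTrail uses for this Systems Manager API.

```python
"""
Baseline review of DescribeInstanceInformation calls in CloudTrail records.

Added example (not from the original post).  Assumptions:
  * records follow CloudTrail's JSON shape: eventTime, eventSource,
    eventName, userIdentity.arn, sourceIPAddress;
  * the allow-listed principal, expected network and threshold below are
    constructed for this example and must be replaced with real baselines.
"""
import ipaddress
import json
from collections import Counter

ALLOWED_PRINCIPALS = {"arn:aws:iam::111122223333:role/PatchManagerRole"}  # constructed
EXPECTED_NETWORK = ipaddress.ip_network("10.0.0.0/8")                      # constructed
BURST_THRESHOLD = 3                                                        # constructed


def _rec(time, arn, ip, source="ssm.amazonaws.com", name="DescribeInstanceInformation"):
    """Build one constructed CloudTrail-like record."""
    return {"eventTime": time, "eventSource": source, "eventName": name,
            "userIdentity": {"arn": arn}, "sourceIPAddress": ip}


# Constructed sample trail: one benign automation call, four calls from an
# IAM user that is not on the allow list and comes from outside the expected
# network, and one unrelated EC2 call that the review must ignore.
SAMPLE_TRAIL = json.dumps({"Records": [
    _rec("2018-01-02T08:00:00Z", "arn:aws:iam::111122223333:role/PatchManagerRole", "10.1.2.3"),
    _rec("2018-01-02T08:05:10Z", "arn:aws:iam::111122223333:user/contractor", "203.0.113.7"),
    _rec("2018-01-02T08:05:12Z", "arn:aws:iam::111122223333:user/contractor", "203.0.113.7"),
    _rec("2018-01-02T08:05:15Z", "arn:aws:iam::111122223333:user/contractor", "203.0.113.7"),
    _rec("2018-01-02T08:05:20Z", "arn:aws:iam::111122223333:user/contractor", "203.0.113.7"),
    _rec("2018-01-02T08:06:00Z", "arn:aws:iam::111122223333:role/PatchManagerRole", "10.1.2.3",
         source="ec2.amazonaws.com", name="DescribeInstances"),
]})


def load_records(trail_json: str) -> list:
    return json.loads(trail_json)["Records"]


def is_instance_inventory_call(rec: dict) -> bool:
    return (rec.get("eventSource") == "ssm.amazonaws.com"
            and rec.get("eventName") == "DescribeInstanceInformation")


def review(records: list) -> list:
    """Return (eventTime, principal, [reasons]) for each call that breaks the baseline."""
    findings = []
    calls_per_principal = Counter()
    for rec in records:
        if not is_instance_inventory_call(rec):
            continue
        principal = rec.get("userIdentity", {}).get("arn", "<unknown>")
        calls_per_principal[principal] += 1
        reasons = []
        if principal not in ALLOWED_PRINCIPALS:
            reasons.append("principal not allow-listed")
        try:
            if ipaddress.ip_address(rec.get("sourceIPAddress", "")) not in EXPECTED_NETWORK:
                reasons.append("source outside expected network")
        except ValueError:
            # CloudTrail puts a service DNS name here for service-initiated calls.
            reasons.append("non-IP source address")
        if calls_per_principal[principal] == BURST_THRESHOLD:
            reasons.append(f"{BURST_THRESHOLD}+ calls in window")
        if reasons:
            findings.append((rec["eventTime"], principal, reasons))
    return findings


if __name__ == "__main__":
    for when, who, why in review(load_records(SAMPLE_TRAIL)):
        print(when, who, "; ".join(why))
```

The automation role's call produces no finding, every call by the contractor user produces one, and the third of those also carries the burst reason. In production the "window" would be a time range rather than a whole file, and the allow list would come from the inventory automation you actually run.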

Happy new year! · Xi Qang