Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Add Atera/Splashtop to Acquire #152

Open
DissectBot opened this issue Mar 14, 2024 · 0 comments
Open

Add Atera/Splashtop to Acquire #152

DissectBot opened this issue Mar 14, 2024 · 0 comments
Assignees
@sud0woodo
Labels
epic:acquire addtional paths good first issue Good for newcomers

Comments

@DissectBot
Copy link

During a CERT case it was observed that the actors were using the Atera Management Agent. This agent seems to use the Splashtop Remote Access Tool underlying. We'll need to add these locations to acquire so we can query this data with target-query.

File locations: C:\Program Files (x86)\Splashtop\Splashtop Remote\Server\log\

  • svcinfo.txt -> Splashtop service information loggin;
  • agent_log.txt -> agent output, generic information;
  • sysinfo.txt -> information about server and session startups;
  • SPLog.00x -> information about clipboard, transferred files, etc;
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@sud0woodo sud0woodo

Labels
epic:acquire addtional paths good first issue Good for newcomers
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@sud0woodo @DissectBot