service 5. DCAR for the hardened containers 6. Common Vulnerabilities and Exposures (CVE)Service / host-based security to provide CVEs for the security sidecar container CSIAC Webinars - DoD Enterprise

获取本机arp / dns缓存 获取当前机器环境变量 [ 主要想看看⽬标机器上有⽆python,jdk,ruby...等语⾔的执⾏环境,后期可设法利⽤ ] 获取当前系统所有本地⽤户及组列表 获取当前系统host⽂件内容 获取当前机器硬件设备信息[ 主要为判断当前机器是否为虚拟机 ] 远程截屏捕捉⽬标⽤户敏感操作 由于上述⼤部分的搜集动作都是基于系统内置⼯具和接⼝,故,可完全依靠EDR来实时捕捉各类敏感进程上报恶意操作

environment include technology prototyping and software platforms. Ideally, programs would manage or host a software platform at the portfolio or enterprise level for use by multiple acquisition programs