🍎

T1120

Peripheral Device Discovery

Description from ATT&CK

Adversaries may attempt to gather information about attached peripheral devices and components connected to a computer system.(Citation: Peripheral Discovery Linux)(Citation: Peripheral Discovery macOS) Peripheral devices could include auxiliary resources that support a variety of functionalities such as keyboards, printers, cameras, smart card readers, or removable storage. The information may be used to enhance their awareness of the system and network environment or may be used for further actions.

Tests

Test #1 - Find removable storage devices using System Events

This test uses System Events to find all connected removable storage devices.

⚠️ TCC Required 
tell application "System Events" to get name of every disk whose ejectable is true

Download Files

Download .scpt Download .swift Download Binary Download Application Bundle

Test #2 - Find removable storage devices using Finder

This test uses Finder to find all connected removable storage devices.

⚠️ TCC Required 
tell application "Finder" to get name of every disk whose ejectable is true

Download Files

Download .scpt Download .swift Download Binary Download Application Bundle

Test #3 - Find all devices using System Information

This test uses System Information to find all connected devices (bluetooth, wifi, disks, application versions, etc.).

⚠️ TCC Required 
tell application "System Information" to get properties

Download Files

Download .scpt Download .swift Download Binary Download Application Bundle

References

T1115

Clipboard Data

T1123

Audio Capture

On this page

Description from ATT&CK
Tests
Test #1 - Find removable storage devices using System Events
Test #2 - Find removable storage devices using Finder
Test #3 - Find all devices using System Information
References