Create Nmcap.yml

yml/OtherMSBinaries/Nmcap.yml

@@ -0,0 +1,42 @@
+---
+Name: Nmcap.exe
+Description: Command-line packet capture utility from Microsoft Network Monitor 3.x.
+Author: Avihay Eldad
+Created: 2025-09-16
+Commands:
+  - Command: nmcap.exe /network * /capture /file C:\Users\Public\nmcap.cap
+    Description: Start capture on all adapters and save to nmcap.cap (circular file).
+    Usecase: Capture network traffic on windows to collect sensitive data.
+    Category: Reconnaissance
+    Privileges: User
+    MitreID: T1040
+    OperatingSystem: Windows
+  - Command: nmcap.exe /network * /capture /file C:\Users\Public\nmcap.cap /TerminateWhen /TimeAfter 30 seconds.
+    Description: Start capture and auto-terminate after a relative time period (seconds/minutes/hours/days).
+    Usecase: Capture network traffic on windows to collect sensitive data.
+    Category: Reconnaissance
+    Privileges: User
+    MitreID: T1040
+    OperatingSystem: Windows
+  - Command: nmcap.exe /network * /capture /file C:\Users\Public\nmcap.cap /TerminateWhen /Time 04:52:00 AM 9/17/2025
+    Description: Start capture and auto-terminate at a specific time/date.
+    Usecase: Capture network traffic on windows to collect sensitive data.
+    Category: Reconnaissance
+    Privileges: User
+    MitreID: T1040
+    OperatingSystem: Windows
+  - Command: nmcap.exe /network * /capture /file C:\Users\Public\nmcap.cap /TerminateWhen /KeyPress x
+    Description: Start capture and terminate when the specified key is pressed.
+    Usecase: Capture network traffic on windows to collect sensitive data.
+    Category: Reconnaissance
+    Privileges: User
+    MitreID: T1040
+    OperatingSystem: Windows
+Full_Path:
+  - Path: C:\Program Files\Microsoft Network Monitor 3\nmcap.exe
+  - Path: C:\Program Files (x86)\Microsoft Network Monitor 3\nmcap.exe
+Resources:
+  - Link: https://learn.microsoft.com/en-us/troubleshoot/windows-server/networking/network-monitor-3
+Acknowledgement:
+  - Person: Avihay Eldad
+    Handle: '@AvihayEldad'