From 7405955988999f3fe4e89d90c056614abf948d4e Mon Sep 17 00:00:00 2001 From: Avihay Eldad <46644022+avihayeldad@users.noreply.github.com> Date: Wed, 17 Sep 2025 15:04:18 +0300 Subject: [PATCH 1/4] Create Nmcap.yml --- yml/OtherMSBinaries/Nmcap.yml | 34 ++++++++++++++++++++++++++++++++++ 1 file changed, 34 insertions(+) create mode 100644 yml/OtherMSBinaries/Nmcap.yml diff --git a/yml/OtherMSBinaries/Nmcap.yml b/yml/OtherMSBinaries/Nmcap.yml new file mode 100644 index 00000000..8fd11ed3 --- /dev/null +++ b/yml/OtherMSBinaries/Nmcap.yml 
@@ -0,0 +1,34 @@ +--- +Name: Nmcap.exe +Description: Command-line packet capture utility from Microsoft Network Monitor 3.x. +Author: Avihay Eldad +Created: 2025-09-16 +Commands: + - Command: nmcap.exe /network * /capture /file C:\Users\Public\nmcap.cap + Description: Start capture on all adapters and save to nmcap.cap (circular file). + Usecase: Capture network traffic on windows to capture senstive traffic. + Category: Reconnaissance + Privileges: User + MitreID: T1040 + OperatingSystem: Windows + - Command: nmcap.exe /network * /capture /file C:\Users\Public\nmcap.cap /TerminateWhen /TimeAfter 30 seconds. + Description: Start capture and auto-terminate after a relative time period (seconds/minutes/hours/days). + Usecase: Capture network traffic on windows to capture senstive traffic. + Category: Reconnaissance + Privileges: User + MitreID: T1040 + OperatingSystem: Windows + - Command: nmcap.exe /network * /capture /file C:\Users\Public\nmcap.cap /TerminateWhen /Time 04:52:00 AM 9/17/2025 + Description: Start capture and auto-terminate at a specific time/date. + Usecase: Capture network traffic on windows to capture senstive traffic. + Category: Reconnaissance + Privileges: User + MitreID: T1040 +Full_Path: + - Path: C:\Program Files\Microsoft Network Monitor 3\nmcap.exe + - Path: C:\Program Files (x86)\Microsoft Network Monitor 3\nmcap.exe +Resources: + - Link: https://learn.microsoft.com/en-us/troubleshoot/windows-server/networking/network-monitor-3 +Acknowledgement: + - Person: Avihay Eldad + Handle: '@AvihayEldad' From eaf7555bddb78d3b08bf0331da1495e984572a5e Mon Sep 17 00:00:00 2001 From: Avihay Eldad <46644022+avihayeldad@users.noreply.github.com> Date: Wed, 17 Sep 2025 15:11:00 +0300 Subject: [PATCH 2/4] Update Nmcap.yml --- yml/OtherMSBinaries/Nmcap.yml | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/yml/OtherMSBinaries/Nmcap.yml b/yml/OtherMSBinaries/Nmcap.yml index 8fd11ed3..1e635b93 100644 --- a/yml/OtherMSBinaries/Nmcap.yml 
+++ b/yml/OtherMSBinaries/Nmcap.yml @@ -6,21 +6,21 @@ Created: 2025-09-16 Commands: - Command: nmcap.exe /network * /capture /file C:\Users\Public\nmcap.cap Description: Start capture on all adapters and save to nmcap.cap (circular file). - Usecase: Capture network traffic on windows to capture senstive traffic. + Usecase: Capture network traffic on windows to collect senstive traffic. Category: Reconnaissance Privileges: User MitreID: T1040 OperatingSystem: Windows - Command: nmcap.exe /network * /capture /file C:\Users\Public\nmcap.cap /TerminateWhen /TimeAfter 30 seconds. Description: Start capture and auto-terminate after a relative time period (seconds/minutes/hours/days). - Usecase: Capture network traffic on windows to capture senstive traffic. + Usecase: Capture network traffic on windows to collect senstive traffic. Category: Reconnaissance Privileges: User MitreID: T1040 OperatingSystem: Windows - Command: nmcap.exe /network * /capture /file C:\Users\Public\nmcap.cap /TerminateWhen /Time 04:52:00 AM 9/17/2025 Description: Start capture and auto-terminate at a specific time/date. - Usecase: Capture network traffic on windows to capture senstive traffic. + Usecase: Capture network traffic on windows to collect senstive traffic. Category: Reconnaissance Privileges: User MitreID: T1040 From 62eab8967bea6cab24d9b9b17f6da30c570ecaae Mon Sep 17 00:00:00 2001 From: Avihay Eldad <46644022+avihayeldad@users.noreply.github.com> Date: Wed, 17 Sep 2025 15:13:49 +0300 Subject: [PATCH 3/4] Update Nmcap.yml --- yml/OtherMSBinaries/Nmcap.yml | 12 +++++++++--- 1 file changed, 9 insertions(+), 3 deletions(-) diff --git a/yml/OtherMSBinaries/Nmcap.yml b/yml/OtherMSBinaries/Nmcap.yml index 1e635b93..f0fa5f96 100644 --- a/yml/OtherMSBinaries/Nmcap.yml +++ b/yml/OtherMSBinaries/Nmcap.yml 
@@ -6,21 +6,27 @@ Created: 2025-09-16 Commands: - Command: nmcap.exe /network * /capture /file C:\Users\Public\nmcap.cap Description: Start capture on all adapters and save to nmcap.cap (circular file). - Usecase: Capture network traffic on windows to collect senstive traffic. + Usecase: Capture network traffic on windows to collect sensitive data. Category: Reconnaissance Privileges: User MitreID: T1040 OperatingSystem: Windows - Command: nmcap.exe /network * /capture /file C:\Users\Public\nmcap.cap /TerminateWhen /TimeAfter 30 seconds. Description: Start capture and auto-terminate after a relative time period (seconds/minutes/hours/days). - Usecase: Capture network traffic on windows to collect senstive traffic. + Usecase: Capture network traffic on windows to collect sensitive data. Category: Reconnaissance Privileges: User MitreID: T1040 OperatingSystem: Windows - Command: nmcap.exe /network * /capture /file C:\Users\Public\nmcap.cap /TerminateWhen /Time 04:52:00 AM 9/17/2025 Description: Start capture and auto-terminate at a specific time/date. - Usecase: Capture network traffic on windows to collect senstive traffic. + Usecase: Capture network traffic on windows to collect sensitive data. + Category: Reconnaissance + Privileges: User + MitreID: T1040 + - Command: nmcap.exe /network * /capture /file C:\Users\Public\nmcap.cap /TerminateWhen /KeyPress x + Description: Start capture and terminate when the specified key is pressed. + Usecase: Capture network traffic on windows to collect sensitive data. Category: Reconnaissance Privileges: User MitreID: T1040 From 272b2e1e0e48036d27998c2061f5a3effea441c3 Mon Sep 17 00:00:00 2001 From: Avihay Eldad <46644022+avihayeldad@users.noreply.github.com> Date: Wed, 17 Sep 2025 15:19:13 +0300 Subject: [PATCH 4/4] Update Nmcap.yml --- yml/OtherMSBinaries/Nmcap.yml | 2 ++ 1 file changed, 2 insertions(+) diff --git a/yml/OtherMSBinaries/Nmcap.yml b/yml/OtherMSBinaries/Nmcap.yml index f0fa5f96..6ac13e3f 100644 
--- a/yml/OtherMSBinaries/Nmcap.yml +++ b/yml/OtherMSBinaries/Nmcap.yml @@ -24,12 +24,14 @@ Commands: Category: Reconnaissance Privileges: User MitreID: T1040 + OperatingSystem: Windows - Command: nmcap.exe /network * /capture /file C:\Users\Public\nmcap.cap /TerminateWhen /KeyPress x Description: Start capture and terminate when the specified key is pressed. Usecase: Capture network traffic on windows to collect sensitive data. Category: Reconnaissance Privileges: User MitreID: T1040 + OperatingSystem: Windows Full_Path: - Path: C:\Program Files\Microsoft Network Monitor 3\nmcap.exe - Path: C:\Program Files (x86)\Microsoft Network Monitor 3\nmcap.exe
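Review bot: In the first hunk (PATCH 1/4) the second Command value ends with a stray period, `/TimeAfter 30 seconds.`, which would be handed to nmcap.exe as part of the last argument; drop it so the value reads `/TimeAfter 30 seconds`. In the same hunk the third entry (`/TerminateWhen /Time 04:52:00 AM 9/17/2025`) is missing `OperatingSystem: Windows` while the first two have it; `senstive` in all three Usecase lines should be `sensitive` and `windows` should be `Windows`. `Privileges: User` should be verified against the product: as far as I recall, Network Monitor 3 only lets administrators or members of the Netmon Users local group it creates at install start a capture, so a plain user may not be able to run these commands. The entry also has no `Detection:` section, which the LOLBAS template includes; an IOC along the lines of `nmcap.exe` launched with `/capture` and writing a .cap file under a world-writable path such as C:\Users\Public would give defenders something concrete to alert on.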
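Review bot: The hunk in PATCH 2/4 only swaps `capture` for `collect` in the three Usecase lines and leaves the `senstive` typo in place; fix it to `sensitive` in the same pass instead of a follow-up commit, and capitalise `windows` while the lines are being touched.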
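Review bot: In the PATCH 3/4 hunk the new `/TerminateWhen /KeyPress x` entry is added without `OperatingSystem: Windows`, and the entry directly above it still lacks that field too, so two of the four commands are inconsistent with the first two. The Description should also say that `/KeyPress` needs an interactive console to read the key, which limits it to attended sessions, whereas `/TimeAfter` and `/Time` work unattended; with the Usecase text identical across all four entries, that distinction is the only thing that justifies listing the terminator variants separately.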
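Review bot: The PATCH 4/4 hunk closes the two missing `OperatingSystem: Windows` fields, but the series is now four commits titled "Create Nmcap.yml" and "Update Nmcap.yml" that each repair the previous one; squash them into a single commit whose message states what the entry documents (Nmcap.exe from Network Monitor 3 as a packet-capture binary, T1040) before merge. The final file still has no `Detection:` section.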