Prelude Attack Chains

Intelligently designed, safe attack chains meant to mimic the most advanced adversaries.

Every week, the Prelude team designs, builds and chains together TTPs. These chains, which mimic real-world cyberattacks, can be safely used to test your internal defenses. All of them are usable in Prelude Operator. Download for free.

All Chains

Staging Server (Server-side)

Date: 2021-11-30
Tactics: resource-development
Deploy HAProxy on a redirector for TLS termination. Install Python3, proxychains, Chisel server, Metasploit, and CrackMapExec (CME) on a staging server through a Pneuma agent. Launch a Chisel server on the staging server, then connect Chisel clients in the target network for proxying attacks.

Android ADB Shell

Date: 2021-11-23
Tactics: discovery, collection, impact, persistence
Tags: android, apt29 scenario 1, apt29, destructive
Use a modified Schism agent for Android to deploy TTPs targeting the Android Debug Bridge (ADB) shell. This first collection of Android TTPs enables screen captures, video recording of user actions, listing and removal of software packages, creation of new users, and device location discovery.

Jambi Modules

Date: 2021-11-16
Tactics: discovery, execution, defense-evasion
Deploy a script that dynamically resolves various implant modules. Automatically resolve and install an HTTP C2 module. All tasks sent to the agent will resolve missing modules, install them, and run various PowerShell and keyword-based TTPs in the current thread.