Prelude Attack Chains

Intelligently designed, safe attack chains meant to mimic the most advanced adversaries.

Every week, the Prelude team designs, builds and chains together TTPs. These chains, which mimic real-world cyberattacks, can be safely used to test your internal defenses. These chains are all usable in Prelude Operator. Download for free.

All Chains


B1-66ER (Discovery)

Date: 2021-09-14
Tactics: discovery
Tags: b1-66er, docker

Gather target hardware details for the CPU/GPU and detect whether the chain is running inside a container. Then display the Python version and list the installed pip packages with their version numbers.

SharpHound

Date: 2021-09-07
Tactics: execution, command-and-control, collection

Create a random XOR byte, then ingress a SharpHound payload and write it, XOR'd with that byte, to a temporary file on the target system. Bypass AMSI, then load and run the XOR'd SharpHound payload in memory.

JXA Modules

Date: 2021-08-31
Tactics: command-and-control, discovery, collection
Tags: apt29 scenario 1, apt29

Deploy a script that dynamically resolves various implant modules. Automatically resolve and install an HTTP C2 module. During runtime, as tasks are sent to the agent, resolve missing modules, install them, and run keyword-based TTPs to perform a screen capture on the target system.