Prelude chain browser

Every week, the Prelude team designs, builds and chains together TTPs. These chains, which mimic real-world cyberattacks, can be safely used to test your internal defenses. These chains are all usable in Prelude Operator.


Is this host protected from Qakbot? (2022-08-15)
Emulates Qakbot's privilege escalation, defense evasion and data collection/exfiltration tactics.

Is Spring Cloud Gateway patched against CVE-2022-22947? (2022-08-09)
Sends a crafted curl request to execute code via Spring Cloud Gateway.

Is CVE-2021-26084 patched on Confluence? (2022-08-02)
A TTP that exploits CVE-2021-26084 in Confluence Server.

Is CVE-2022-22965 patched on Spring Framework? (2022-07-26)
A TTP that exploits CVE-2022-22965 in Spring Framework.

Is CVE-2022-26134 patched on Confluence? (2022-07-19)
A TTP that exploits CVE-2022-26134 in Confluence Server.

Is Apache vulnerable to CVE-2021-41773? (2022-07-12)
Checks whether Apache HTTP Server is vulnerable to path traversal or remote code execution by exploiting CVE-2021-41773.

Is your machine vulnerable to ShellShock? (2022-07-05)
A TTP that exploits the ShellShock vulnerability in Bash.

APT38 Pharmaceutical Attacks (2022-06-28)
Bypasses the Mark-of-the-Web (MOTW) execution restriction using a file archive.

GTsST Iron Viking AWFULSHRED (2022-06-22)
SSH worm that installs a wiper on the machine it has infected.

APT38 CryptoSpy (2022-06-07)
Launches a Pneuma agent hidden in a crypto ticker application.

GTsST Sandworm Team (2022-06-07)
Emulates Sandworm's privileged persistence from a campaign targeting Centreon systems.

APT38 WannaCry (2022-05-31)
Performs lateral movement using the EternalBlue and DoublePulsar exploits.

APT38 Sony Hack (2022-05-24)
A Prelude portrayal of the 2014 hack on Sony attributed to APT38.

APT38 DarkSeoul (2022-05-16)
Destructive Master Boot Record (MBR) wiper malware.

APT40 Find and Exfiltrate (2022-05-10)
Finds and exfiltrates files that potentially contain cleartext usernames or passwords, based on filename.

APT40 educational institutions (2022-05-03)
Performs process injection and native API execution techniques.

Oasis (2022-04-26)
Based on APT40's initial access and password reuse techniques.

Spring4Shell (2022-04-21)
Initial access via the Spring4Shell exploit.

APT40 maritime industry (2022-04-19)
Emulates APT40's malware persistence techniques.

APT40 defense industry (2022-04-12)
Emulates APT40's multi-stage macro-enabled documents.

Python AD discovery (2022-04-06)
Uses Python packet and protocol libraries to perform Active Directory discovery.

ExBox (2022-03-29)
Emulates the 2021 RNC hack.

APT29 COVID-19 Vaccine Data (2022-03-22)
Emulates APT29's WellMess malware targeting vaccine research.

Operation Ghost (2022-03-15)
Emulates an APT29 malware loader that uses steganography.

Dirty Pipe CVE-2022-0847 (2022-03-14)
Allows an attacker to modify arbitrary read-only files.

PolarCalm (2022-03-08)
Emulates Cozy Bear's (APT29) supply chain attack.

Sliver BOF and Execute-Assembly (2022-03-01)
Adds a COFF loader and runs BOF and execute-assembly TTPs.

APT29 Democratic National Committee (2022-03-01)
Emulates Cozy Bear's 2016 Democratic National Committee hack.

Conti Deploy Ransomware (2022-02-14)
Deploys Conti ransomware to encrypt host files.

Conti Collect and Exfiltrate (2022-02-08)
Automatically collects information and exfiltrates it with rclone to a cloud service.