Prelude chain browser
JXA Access
Deploy a file-less JXA agent via a shell script and create a persistence application on the user's desktop that launches a new agent any time the "fake" Safari application is clicked. Next, upgrade the file-less agent to a full stage-2 Pneuma agent.
2021-08-24
Professional
This is a professional attack chain. A professional subscription automatically gives you access to this chain + 50 more, with direct integration inside of Operator.
Authors:
privateducky, khyberspache
TTPs
Download pneuma
Create a JXA Safari.app stager on the desktop
Deploy a stage-0 JXA agent
Tags
agent
Tactics
Command-and-control
Persistence
Execution