Prelude chain browser
Sliver BOF and Execute-Assembly
This is an example of how you can attach a Sliver agent directly, then run BOFs and .NET assemblies through Operator.
2022-03-01
Community
This is a community attack chain. Download Prelude Operator to use this chain for free.
Authors:
khyberspache, privateducky, mitre
Download Operator (1.7.1)
TTPs
Register COFF loader
Collect ARP details
List user CACLs for file
Run AS-REP roasting assembly
Tags
apt29 scenario 1, apt29
Tactics
Command-and-control
Discovery
Credential-access