We're releasing the fourth installment of our Conti ransomware theme with new TTPs focused on Windows lateral-movement using live off the land techniques. To date, our Conti theme now contains the following kill-chains:
This chain performs lateral movement within the domain. First, we check for all hosts on the domain. After selecting a target, we then enable access to the target's storage resources. We then move the agent executable from our current host to the target host. Finally, we execute the agent on the target host performing lateral movement within the domain. This chain does have a user custom fact for the target host information which you can provide in the facts section, or you can modify the TTP itself removing #{target.host}
and providing the information manually.
Watch a demonstration: Conti Move to Remote Systems
Thanks for reading our latest TTP Tuesday release! Please subscribe and reach out with any feedback. We love to hear from our community!
There are several ways to follow us and learn more about Prelude and our team members:
Download Prelude Operator: https://www.prelude.org/download/current
See the latest kill chain and TTP Releases: https://chains.prelude.org/
See our open-source repositories: https://github.com/preludeorg
Discord: https://discord.gg/gzUv4XNquu
Reddit: https://www.reddit.com/r/preludeorg/
Twitter: https://twitter.com/preludeorg
Listen to our Podcast: https://anchor.fm/preludeorg
Read our blog: https://feed.prelude.org
Watch our live streams: https://www.twitch.tv/preludeorg
Watch our pre-recorded content: https://www.youtube.com/c/preludeorg
David: privateducky
Alex: khyberspache
Kris: Xanthonus
Octavia: VVX7
Sam: wasupwithuman