Our current theme is ransomware, focusing on scenarios where threat actors use living-off-the-land (LotL) binaries and custom payloads to accomplish their objectives. The ransomware theme will contain the following kill chains:
This week’s kill chain focuses on a different approach to ransomware for Macs (and Linux in the future). Instead of relying on a typical “discover and encrypt” attack path, our custom chain delivers a (safe) attack that:
We have designed this chain with two paths, one *safe* and one *destructive*. The safe path (the default) copies each file before wiping and applies the wipe to the copy only, so the original files are never touched. Removing the *safe* flag allows the attack to run against the original files in the wild, and in that mode it is *destructive*.
Watch a demonstration: MacOS Custom Ransomware
Thanks for reading our latest TTP Tuesday release! Please subscribe and reach out with any feedback. We love to hear from our community!
There are several ways to follow us and learn more about Prelude and our team members:
Download Prelude Operator: https://www.prelude.org/download/current
See the latest kill chain and TTP Releases: https://chains.prelude.org/
See our open-source repositories: https://github.com/preludeorg
Listen to our Podcast: https://anchor.fm/preludeorg
Read our blog: https://feed.prelude.org
Watch our live streams: https://www.twitch.tv/preludeorg
Watch our pre-recorded content: https://www.youtube.com/c/preludeorg