We're releasing the fifth release of our Conti ransomware theme with new TTPs focused on data collection and exfiltration. To date, our Conti theme now contains the following kill-chains:
This chain performs collection and exfiltration. First we enumerate the users home directory then attempt to dump hashes via Kerberoasting and AS-REProasting. Once we have target data, the ingress and configure Rclone to work with an ephemeral Mega account then automatically exfiltrate to a Data folder in Mega.
Watch a demonstration: Conti Collect & Exfiltrate
Thanks for reading our latest TTP Tuesday release! Please subscribe and reach out with any feedback. We love to hear from our community!
There are several ways to follow us and learn more about Prelude and our team members:
Download Prelude Operator: https://www.prelude.org/download/current
See the latest kill chain and TTP Releases: https://chains.prelude.org/
See our open-source repositories: https://github.com/preludeorg
Listen to our Podcast: https://anchor.fm/preludeorg
Read our blog: https://feed.prelude.org
Watch our live streams: https://www.twitch.tv/preludeorg
Watch our pre-recorded content: https://www.youtube.com/c/preludeorg