Prelude chain browser

This is a collection of Prelude-designed TTPs that have been chained together. These chains, which mimic real-world cyberattacks, can be safely used to test your internal defenses. These chains are all usable in Prelude Operator. Download for free.

Is my host protected against SSP abuse?

2023-02-28

Platforms: Windows

Abusing Windows Security Support Provider (SSP) and Authentication Packages (AP) in the form of DLLs that are injected into the LSASS.exe process on system boot.

Is my host protected against CVE-2019-14287?

2023-02-21

A TTP that exploits CVE-2019-14287 on Linux and macOS machines.

Is my host protected against Pass-The-Ticket?

2023-02-14

Platforms: Windows

Perform the Pass-The-Ticket attack on your domain.

Is my host protected against CrackMapExec?

2023-02-07

Platforms: Windows, Linux, macOS

Deploy CrackMapExec to dump SAM and LSA and execute system commands.

Is my host protected against RestrictedAdmin?

2023-01-31

Platforms: Windows

Deploy RestrictedAdmin and disable Restricted Admin mode.

Is my host protected against Seatbelt?

2023-01-24

Platforms: Windows

Deploy Seatbelt to enumerate the local system.

Is my host protected against SharpWMI?

2023-01-17

Platforms: Windows

Deploy SharpWMI to enumerate the local system.

Is my host protected against Microsoft Office add-ins?

2023-01-11

Platforms: Windows

Stage and execute a malicious Microsoft Office add-in.

Is my host protected against Cuba Ransomware?

2022-12-27

Platforms: Windows

Stage and execute Cuba Ransomware.

Is my host protected against APT37?

2022-12-19

Platforms: Windows

Stage and execute APT37.

Is my host protected against ngrok?

2022-12-13

Platforms: Linux, macOS, Windows

Stage and execute ngrok.

Is my host protected against XMRig crypto miner?

2022-12-13

Platforms: Linux, macOS, Windows

Stage and execute XMRig crypto miner.

Is this host protected from LockBit?

2022-12-06

Platforms: Windows

Is my Kubernetes pod protected against host mounting?

2022-11-29

Platforms: Linux

Escape Kubernetes Pod via host filesystem mounting.

Is CVE-2022-36804 patched on Atlassian Bitbucket Server?

2022-11-22

A TTP that exploits CVE-2022-36804 in Atlassian Bitbucket Server.
Is my Docker daemon vulnerable to privilege escalation?

2022-11-15

Platforms: Linux

Privilege escalation through exposed Docker daemon.

Is my Docker container vulnerable to cgroup controller escapes?

2022-11-08

Platforms: Linux

Escape Docker container via cgroup controller.

Is my Docker container vulnerable to host filesystem mounting?

2022-11-01

Platforms: Linux, macOS

Escape Docker container by mounting host filesystem.

Is my Docker container vulnerable to a Docker socket escape?

2022-10-25

Platforms: Linux

Escape a Docker container that has the Docker socket mounted.

Is CVE-2022-35914 patched on this host?

2022-10-18

Platforms: Linux

A TTP that exploits CVE-2022-35914 in GLPI htmLawed.

Is Atlassian Bitbucket Server or Data Center patched against CVE-2022-36804?

2022-10-10

Platforms: Linux

Atlassian Bitbucket Server and Data Center code injection vulnerability.

API unhooking via Perun's Fart

2022-10-04

Platforms: Windows

API unhooking by overwriting the current process's version of the DLL.

Process injection via CreateRemoteThread

2022-09-27

Platforms: Windows

Injects shellcode into a specified PID using CreateRemoteThread.

Are MOUSEISLAND malware procedures mitigated on this host?

2022-09-19

Platforms: Windows

Emulates procedures found in MOUSEISLAND malware.

Are Agent Tesla malware procedures mitigated on this host?

2022-09-12

Platforms: Windows

Emulates tactics found in Agent Tesla.

Are Remcos RAT procedures mitigated on this host?

2022-09-05

Platforms: Windows

Emulates tactics found in Remcos RAT.

Are GootLoader malware procedures mitigated on this host?

2022-08-30

Platforms: Windows

Emulates tactics found in GootLoader malware.

Can this host mitigate procedures used in LokiBot malware?

2022-08-23

Platforms: Windows

Emulates LokiBot Password Stealer's procedures for credential harvesting.

Is this host protected from Qakbot?

2022-08-15

Platforms: Windows

Emulates Qakbot's privilege escalation, defense evasion and data collection/exfiltration tactics.

Is Spring Cloud Gateway patched against CVE-2022-22947?

2022-08-09

Platforms: Linux

Sends a crafted curl request to execute code via Spring Cloud Gateway.