Prelude chain browser

Every week, the Prelude team designs, builds and chains together TTPs. These chains, which mimic real-world cyberattacks, can be safely used to test your internal defenses. These chains are all usable in Prelude Operator.

Release Date (Newest)
Filterfilter
Search for chains, TTPs, themes, and text

Browse By:

Platforms

  • All
  • Windows
  • Linux
  • Darwin
  • Global
  • Android

Tactics & Techniques

  • All
  • Resource Development
  • Initial Access
  • Defense Evasion
  • Command And Control
  • Discovery
  • Collection
  • Persistence
  • Credential Access
  • Privilege Escalation
  • Lateral Movement
  • Execution
  • Exfiltration
  • Impact

Themes

Tags

Licenses

APT38 Pharmaceutical Attacks

2022-06-28

/static/assets/apple-logo.svg/static/assets/windows-logo.svg
Bypass MOTW execution restriction using a file archive.
GTsST Iron Viking AWFULSHRED

2022-06-22

/static/assets/linux-logo.svg
SSH worm which installs a wiper on the machine it has infected
APT38 CryptoSpy

2022-06-07

/static/assets/windows-logo.svg
Launch a pneuma agent hidden in a crypto ticker application.
GTsST Sandworm Team

2022-06-07

/static/assets/linux-logo.svg
Emulate Sandworm privileged persistence from a campaign targeting Centreon systems
APT38 WannaCry

2022-05-31

/static/assets/windows-logo.svg/static/assets/apple-logo.svg/static/assets/linux-logo.svg
Perform lateral movement using EternalBlue and DoublePulsar exploits.
APT38 Sony Hack

2022-05-24

/static/assets/windows-logo.svg
A Prelude portrayal of the 2014 hack on Sony attributed to APT38.
APT38 DarkSeoul

2022-05-16

/static/assets/windows-logo.svg
Destructive Master Boot Record (MBR) wiper malware.
APT40 Find and Exfiltrate

2022-05-10

/static/assets/linux-logo.svg/static/assets/apple-logo.svg/static/assets/windows-logo.svg
Find and exfiltrate files that potentially contain cleartext usernames or passwords based on filename.
APT40 educational institutions

2022-05-03

/static/assets/windows-logo.svg/static/assets/apple-logo.svg/static/assets/linux-logo.svg
Perform process injection and native API execution techniques.
Oasis

2022-04-26

/static/assets/windows-logo.svg/static/assets/apple-logo.svg/static/assets/linux-logo.svg
Based on APT40's initial access and password reuse techniques.
Spring4Shell

2022-04-21

/static/assets/terminal-logo.svg
Initial Access via Spring4Shell Exploit
APT40 maritime industry

2022-04-19

/static/assets/windows-logo.svg
Emulating APT40's malware persistence techniques.
APT40 defense industry

2022-04-12

/static/assets/windows-logo.svg
Emulating APT40's multi-stage macro-enabled documents.
Python AD discovery

2022-04-06

/static/assets/windows-logo.svg/static/assets/linux-logo.svg
Use Python packet and protocol libraries to perform Active Directory discovery.
ExBox

2022-03-29

/static/assets/windows-logo.svg
Emulating RNC hack in 2021
APT29 COVID-19 Vaccine Data

2022-03-22

/static/assets/linux-logo.svg
Emulating APT29's WellMess malware targeting vaccine research.
Operation Ghost

2022-03-15

/static/assets/linux-logo.svg
Emulating APT 29 malware loader via steganography.
Dirty Pipe CVE-2022-0847

2022-03-14

/static/assets/linux-logo.svg
Allows an attacker to modify arbitrary read-only files.
PolarCalm

2022-03-08

/static/assets/apple-logo.svg/static/assets/linux-logo.svg/static/assets/windows-logo.svg
Emulating Cozy Bear's (APT29) supply chain attack.
Sliver BOF and Execute-Assembly

2022-03-01

/static/assets/windows-logo.svg
Add a COFF loader, run BOFs and execute-assembly ttps.
APT29 Democratic National Committee

2022-03-01

/static/assets/windows-logo.svg
Emulating Cozy Bear's 2016 Democratic National Committee hack.
Conti Deploy Ransomware

2022-02-14

/static/assets/windows-logo.svg
Deploy Conti ransomware to encrypt host files.
Conti Collect and Exfiltrate

2022-02-08

/static/assets/windows-logo.svg
Automatically collect information and exfiltrate with rclone to a cloud service.
Conti Move To Remote System

2022-02-01

/static/assets/windows-logo.svg
Perform lateral movement of Jambi agent to discovered AD targets
LPE in polkit (CVE-2021-4034)

2022-01-26

/static/assets/linux-logo.svg
An LPE in polkit's pkexec affecting all major distros since May 2009.
Conti Privilege Escalation and Persistence

2022-01-25

/static/assets/windows-logo.svg
Use PrintNightmare & ZeroLogon exploits to gain privileges and extract the krbtgt NTLM hash from a DC.
Conti Local and Remote Discovery

2022-01-18

/static/assets/windows-logo.svg
Using the Jambi agent from the initial access chain, discover local services, active directory objects, and check the box for PrintNightmare.
Log4j Infrastructure

2022-01-13

/static/assets/linux-logo.svg
Stand up infrastructure to exploit CVE-2021-44228.
Conti Recon And Initial Access

2022-01-10

/static/assets/windows-logo.svg
Perform recon and initial access of target environment
CSwipe

2022-01-04

/static/assets/linux-logo.svg
Deploy a custom payload to achieve ransomware without using traditional encryption.