Prelude chain browser

This is a collection of Prelude-designed TTPs that have been chained together. These chains, which mimic real-world cyberattacks, can be safely used to test your internal defenses. These chains are all usable in Prelude Operator. Download for free.

Is CVE-2021-26084 patched on Confluence?

2022-08-02

Platform: Linux
A TTP that exploits CVE-2021-26084 in Confluence Server
Is CVE-2022-22965 patched on Spring Framework?

2022-07-26

Platform: Linux
A TTP that exploits CVE-2022-22965 in Spring Framework
Is CVE-2022-26134 patched on Confluence?

2022-07-19

Platform: Linux
A TTP that exploits CVE-2022-26134 in Confluence Server
Is Apache vulnerable to CVE-2021-41773?

2022-07-12

Platform: Linux
Check if Apache HTTP is vulnerable to path traversal or remote code execution by exploiting CVE-2021-41773.
Is your machine vulnerable to ShellShock?

2022-07-05

Platform: Linux
A TTP that exploits the ShellShock vulnerability in Bash
APT38 Pharmaceutical Attacks

2022-06-28

Platforms: Darwin, Windows
Bypass MOTW execution restriction using a file archive.
GTsST Iron Viking AWFULSHRED

2022-06-22

Platform: Linux
SSH worm which installs a wiper on the machine it has infected
APT38 CryptoSpy

2022-06-07

Platform: Windows
Launch a pneuma agent hidden in a crypto ticker application.
GTsST Sandworm Team

2022-06-07

Platform: Linux
Emulate Sandworm privileged persistence from a campaign targeting Centreon systems
APT38 WannaCry

2022-05-31

Platforms: Windows, Darwin, Linux
Perform lateral movement using EternalBlue and DoublePulsar exploits.
APT38 Sony Hack

2022-05-24

Platform: Windows
A Prelude portrayal of the 2014 hack on Sony attributed to APT38.
APT38 DarkSeoul

2022-05-16

Platform: Windows
Destructive Master Boot Record (MBR) wiper malware.
APT40 Find and Exfiltrate

2022-05-10

Platforms: Linux, Darwin, Windows
Find and exfiltrate files that potentially contain cleartext usernames or passwords based on filename.
APT40 educational institutions

2022-05-03

Platforms: Windows, Darwin, Linux
Perform process injection and native API execution techniques.
Oasis

2022-04-26

Platforms: Windows, Darwin, Linux
Based on APT40's initial access and password reuse techniques.
Spring4Shell

2022-04-21

Initial Access via Spring4Shell Exploit
APT40 maritime industry

2022-04-19

Platform: Windows
Emulating APT40's malware persistence techniques.
APT40 defense industry

2022-04-12

Platform: Windows
Emulating APT40's multi-stage macro-enabled documents.
Python AD discovery

2022-04-06

Platforms: Windows, Linux
Use Python packet and protocol libraries to perform Active Directory discovery.
ExBox

2022-03-29

Platform: Windows
Emulating the RNC hack in 2021
APT29 COVID-19 Vaccine Data

2022-03-22

Platform: Linux
Emulating APT29's WellMess malware targeting vaccine research.
Operation Ghost

2022-03-15

Platform: Linux
Emulating APT29 malware loader via steganography.
Dirty Pipe CVE-2022-0847

2022-03-14

Platform: Linux
Allows an attacker to modify arbitrary read-only files.
PolarCalm

2022-03-08

Platforms: Darwin, Linux, Windows
Emulating Cozy Bear's (APT29) supply chain attack.
Sliver BOF and Execute-Assembly

2022-03-01

Platform: Windows
Add a COFF loader, run BOFs and execute-assembly TTPs.
APT29 Democratic National Committee

2022-03-01

Platform: Windows
Emulating Cozy Bear's 2016 Democratic National Committee hack.
Conti Deploy Ransomware

2022-02-14

Platform: Windows
Deploy Conti ransomware to encrypt host files.
Conti Collect and Exfiltrate

2022-02-08

Platform: Windows
Automatically collect information and exfiltrate with rclone to a cloud service.
Conti Move To Remote System

2022-02-01

Platform: Windows
Perform lateral movement of Jambi agent to discovered AD targets
LPE in polkit (CVE-2021-4034)

2022-01-26

Platform: Linux
An LPE in polkit's pkexec affecting all major distros since May 2009.