Defense Evasion Chains


Release Date (Newest)
Filterfilter
Search for chains, TTPs, themes, and text

Browse By:

Platforms

  • All
  • Windows
  • Linux
  • Darwin
  • Global
  • Android

Themes

Tags

Licenses

Is my host protected against RestrictedAdmin?

2023-01-31

/static/assets/windows-logo.svg
Deploy RestrictedAdmin and disable Restricted Admin mode
Is my host protected against Seatbelt?

2023-01-24

/static/assets/windows-logo.svg
Deploy Seatbelt to enumerate the local system.
API unhooking via Perun's Fart

2022-10-04

/static/assets/windows-logo.svg
API unhooking by overwriting the current process version of the DLL.
Process injection via CreateRemoteThread

2022-09-27

/static/assets/windows-logo.svg
Injects shellcode into a specified PID using CreateRemoteThread.
Are Remcos RAT procedures mitigated on this host?

2022-09-05

/static/assets/windows-logo.svg
Emulates tactics found in Remcos RAT.
APT38 Pharmaceutical Attacks

2022-06-28

/static/assets/apple-logo.svg/static/assets/windows-logo.svg
Bypass MOTW execution restriction using a file archive.
GTsST Iron Viking AWFULSHRED

2022-06-22

/static/assets/linux-logo.svg
SSH worm which installs a wiper on the machine it has infected
APT38 DarkSeoul

2022-05-16

/static/assets/windows-logo.svg
Destructive Master Boot Record (MBR) wiper malware.
APT40 educational institutions

2022-05-03

/static/assets/windows-logo.svg/static/assets/apple-logo.svg/static/assets/linux-logo.svg
Perform process injection and native API execution techniques.
Spring4Shell

2022-04-21

/static/assets/terminal-logo.svg
Initial Access via Spring4Shell Exploit
APT40 defense industry

2022-04-12

/static/assets/windows-logo.svg
Emulating APT40's multi-stage macro-enabled documents.
Operation Ghost

2022-03-15

/static/assets/linux-logo.svg
Emulating APT 29 malware loader via steganography.
PolarCalm

2022-03-08

/static/assets/apple-logo.svg/static/assets/linux-logo.svg/static/assets/windows-logo.svg
Emulating Cozy Bear's (APT29) supply chain attack.
Android ADB Shell

2021-12-07

/static/assets/android-logo.svg
A first collection of TTPs for Android specifically targeting ADB shell commands
Jambi Modules

2021-11-16

/static/assets/windows-logo.svg
Use Powershell functions to create a script implant that dynamically resolves and loads modules at runtime.
Kaseya VSA Attack

2021-08-16

/static/assets/windows-logo.svg
Side-load an agent using components of the REvil ransomware attack kill chain.
Netsh Helper DLL

2021-08-10

/static/assets/windows-logo.svg
Create a Netsh helper DLL persistence.
GhostLoader

2021-07-06

/static/assets/windows-logo.svg
Use the "GhostLoader" technique to run assemblies compiled on the target system.