Discovery Chains


Is my Docker daemon vulnerable to privilege escalation?

2022-11-15

Platform: Linux
Privilege escalation through exposed Docker daemon.
Is my Docker container vulnerable to host filesystem mounting?

2022-11-01

Platforms: Linux, Darwin
Escape Docker container by mounting host filesystem.
Is my Docker container vulnerable to a Docker socket escape?

2022-10-25

Platform: Linux
Escape a Docker container that has the Docker socket mounted.
GTsST Iron Viking AWFULSHRED

2022-06-22

Platform: Linux
SSH worm which installs a wiper on the machine it has infected.
GTsST Sandworm Team

2022-06-07

Platform: Linux
Emulate Sandworm privileged persistence from a campaign targeting Centreon systems.
APT40 Find and Exfiltrate

2022-05-10

Platforms: Linux, Darwin, Windows
Find and exfiltrate files that potentially contain cleartext usernames or passwords based on filename.
APT40 educational institutions

2022-05-03

Platforms: Windows, Darwin, Linux
Perform process injection and native API execution techniques.
Python AD discovery

2022-04-06

Platforms: Windows, Linux
Use Python packet and protocol libraries to perform Active Directory discovery.
ExBox

2022-03-29

Platform: Windows
Emulating the RNC hack in 2021.
Sliver BOF and Execute-Assembly

2022-03-01

Platform: Windows
Add a COFF loader, run BOFs and execute-assembly TTPs.
Conti Collect and Exfiltrate

2022-02-08

Platform: Windows
Automatically collect information and exfiltrate with rclone to a cloud service.
Conti Move To Remote System

2022-02-01

Platform: Windows
Perform lateral movement of Jambi agent to discovered AD targets.
Conti Local and Remote Discovery

2022-01-18

Platform: Windows
Using the Jambi agent from the initial access chain, discover local services, Active Directory objects, and check the box for PrintNightmare.
Log4j Infrastructure

2022-01-13

Platform: Linux
Stand up infrastructure to exploit CVE-2021-44228.
Windows LotL Ransomware

2021-12-21

Platform: Windows
Deploy a Windows living-off-the-land ransomware attack.
Linux LotL Ransomware

2021-12-14

Platform: Linux
Deploy a Linux living-off-the-land ransomware attack.
Android ADB Shell

2021-12-07

Platform: Android
A first collection of TTPs for Android specifically targeting ADB shell commands.
Jambi Modules

2021-11-16

Platform: Windows
Use PowerShell functions to create a script implant that dynamically resolves and loads modules at runtime.
eBPF CVE-2021-3490

2021-11-09

Platform: Linux
Elevate an unprivileged user to root privileges via CVE-2021-3490 (eBPF) exploitation.
Sequoia

2021-10-26

Platform: Linux
Elevate an unprivileged user to root privileges via CVE-2021-33909 (Sequoia) exploitation.
Vulnerable Certificates

2021-10-19

Platform: Windows
Ingress, load, and run Certify to find vulnerable certificates.
B1-66ER (Discovery)

2021-10-12

Platform: Linux
Perform discovery techniques to determine if an agent has access to an ML/DL environment.
JXA Modules

2021-10-05

Platform: Darwin
Use JXA to create a fully modular file-less implant that dynamically resolves and loads modules at runtime.
Conti (Discovery)

2021-09-21

Platform: Windows
Perform the initial discovery and credential access techniques used in the Conti ransomware playbook.
Baron Samedit (Persistence)

2021-08-10

Platform: Linux
Leverage a heap-based buffer overflow in Sudo to create a persistence user.
Ransomware

2021-08-10

Platforms: Windows, Linux, Darwin
Deploy a safe cross-platform ransomware attack.
Baron Samedit (Spawn Agent)

2021-08-10

Platform: Linux
Leverage a heap-based buffer overflow in Sudo to spawn an elevated agent.
Printnightmare

2021-08-10

Platform: Windows
Escalate local privileges and spawn a SYSTEM-level agent by exploiting CVE-2021-34527 (PrintNightmare).