operator
ChainsTTPsBlogLogin
menu

Discovery Chains

Release Date (Newest)
Filterfilter
Search for chains, TTPs, themes, and text

Browse By:

Platforms

  • All
  • Windows
  • Darwin
  • Linux
  • Global
  • Android

Themes

Tags

Licenses

Is my host protected against RestrictedAdmin?

2023-01-31

/static/assets/windows-logo.svg
Deploy RestrictedAdmin and disable Restricted Admin mode
Is my host protected against Seatbelt?

2023-01-24

/static/assets/windows-logo.svg
Deploy Seatbelt to enumerate the local system.
Is my host protected against SharpWMI?

2023-01-17

/static/assets/windows-logo.svg
Deploy SharpWMI to enumerate the local system.
Is my Docker daemon vulnerable to privilege escalation?

2022-11-15

/static/assets/linux-logo.svg
Privilege escalation through exposed Docker daemon.
Is my Docker container vulnerable to host filesystem mounting?

2022-11-01

/static/assets/linux-logo.svg/static/assets/apple-logo.svg
Escape Docker container by mounting host filesystem.
Is my Docker container vulnerable to a Docker socket escape?

2022-10-25

/static/assets/linux-logo.svg
Escape a Docker container that has the Docker socket mounted.
GTsST Iron Viking AWFULSHRED

2022-06-22

/static/assets/linux-logo.svg
SSH worm which installs a wiper on the machine it has infected
GTsST Sandworm Team

2022-06-07

/static/assets/linux-logo.svg
Emulate Sandworm privileged persistence from a campaign targeting Centreon systems
APT40 Find and Exfiltrate

2022-05-10

/static/assets/linux-logo.svg/static/assets/apple-logo.svg/static/assets/windows-logo.svg
Find and exfiltrate files that potentially contain cleartext usernames or passwords based on filename.
APT40 educational institutions

2022-05-03

/static/assets/windows-logo.svg/static/assets/apple-logo.svg/static/assets/linux-logo.svg
Perform process injection and native API execution techniques.
Python AD discovery

2022-04-06

/static/assets/windows-logo.svg/static/assets/linux-logo.svg
Use Python packet and protocol libraries to perform Active Directory discovery.
ExBox

2022-03-29

/static/assets/windows-logo.svg
Emulating RNC hack in 2021
Sliver BOF and Execute-Assembly

2022-03-01

/static/assets/windows-logo.svg
Add a COFF loader, run BOFs and execute-assembly ttps.
Conti Collect and Exfiltrate

2022-02-08

/static/assets/windows-logo.svg
Automatically collect information and exfiltrate with rclone to a cloud service.
Conti Move To Remote System

2022-02-01

/static/assets/windows-logo.svg
Perform lateral movement of Jambi agent to discovered AD targets
Conti Local and Remote Discovery

2022-01-18

/static/assets/windows-logo.svg
Using the Jambi agent from the initial access chain, discover local services, active directory objects, and check the box for PrintNightmare.
Log4j Infrastructure

2022-01-13

/static/assets/linux-logo.svg
Stand up infrastructure to exploit CVE-2021-44228.
Windows LotL Ransomware

2021-12-21

/static/assets/windows-logo.svg
Deploy a Windows live-off-the-land ransomware attack.
Linux LotL Ransomware

2021-12-14

/static/assets/linux-logo.svg
Deploy a linux live-off-the-land ransomware attack.
Android ADB Shell

2021-12-07

/static/assets/android-logo.svg
A first collection of TTPs for Android specifically targeting ADB shell commands
Jambi Modules

2021-11-16

/static/assets/windows-logo.svg
Use Powershell functions to create a script implant that dynamically resolves and loads modules at runtime.
eBPF CVE-2021-3490

2021-11-09

/static/assets/linux-logo.svg
Elevate an unprivileged user to root privileges via CVE-2021-3490 (eBPF) exploitation.
Sequoia

2021-10-26

/static/assets/linux-logo.svg
Elevate an unprivileged user to root privileges via CVE-2021-33909 (Sequoia) exploitation.
Vulnerable Certificates

2021-10-19

/static/assets/windows-logo.svg
Ingress, load, and run Certify to find vulnerable certificates.
B1-66ER (Discovery)

2021-10-12

/static/assets/linux-logo.svg
Perform discovery techniques to determine if an agent has access to a ML/DL environment.
JXA Modules

2021-10-05

/static/assets/apple-logo.svg
Use JXA to create a fully modular file-less implant that dynamically resolves and load modules at runtime.
Conti (Discovery)

2021-09-21

/static/assets/windows-logo.svg
Perform the initial discovery and credential access techniques used in Conti ransomware playbook.
Baron Samedit (Persistence)

2021-08-10

/static/assets/linux-logo.svg
Leverage a Heap-Based Buffer Overflow in Sudo to create a persistence user.
Ransomware

2021-08-10

/static/assets/windows-logo.svg/static/assets/linux-logo.svg/static/assets/apple-logo.svg
Deploy a safe cross-platform ransomware attack.
Baron Samedit (Spawn Agent)

2021-08-10

/static/assets/linux-logo.svg
Leverage a Heap-Based Buffer Overflow in Sudo to spawn an elevated agent.
12
About PreludePrelude hardens an organization's defenses by continuously “asking” it questions through the form of safe cyberattacks. These attacks respond immediately to the latest vulnerabilities and cyber events, turning complex technical descriptions into deployable “questions”.Our mission is to increase the reach, frequency and usage of advanced security for all organizations.
twitterFollow @preludeorg on Twitter for new chains and more.
discordJoin the Prelude Discord to discuss chains and more.
githubKeep up to date with code changes and community activity on Github
operator
preludesecurity.comCareersTactics & TechniquesAttack themes
Privacy Policysupport@preludesecurity.com© 2023 Prelude Research, Inc.All rights reserved. Prelude, its logo and other trademarks are trademarks of Prelude Research, Inc. and may not be used without permission.