operator
ChainsTTPsBlogLogin
menu

Tool (T1588.002)

Adversaries may buy, steal, or download software tools that can be used during targeting. Tools can be open or closed source, free or commercial. A tool can be used for malicious purposes by an adversary, but (unlike malware) were not intended to be used for those purposes (ex: PsExec). Tool acquisition can involve the procurement of commercial software licenses, including for red teaming tools such as Cobalt Strike. Commercial software may be obtained through purchase, stealing licenses (or licensed copies of the software), or cracking trial versions.(Citation: Recorded Future Beacon 2019) Adversaries may obtain tools to support their operations, including to support execution of post-compromise behaviors. In addition to freely downloading or purchasing software, adversaries may steal software and/or software licenses from third-party entities (including other adversaries).

Source: https://github.com/mitre/cti
Related Prelude attack chains
Release Date (Newest)
Filterfilter
Search for chains, TTPs, themes, and text

Browse By:

Platforms

  • All
  • Windows
  • Darwin
  • Linux
  • Global
  • Android

Themes

Tags

Licenses

Oasis

2022-04-26

/static/assets/windows-logo.svg/static/assets/apple-logo.svg/static/assets/linux-logo.svg
Based on APT40's initial access and password reuse techniques.
Spring4Shell

2022-04-21

/static/assets/terminal-logo.svg
Initial Access via Spring4Shell Exploit
Python AD discovery

2022-04-06

/static/assets/windows-logo.svg/static/assets/linux-logo.svg
Use Python packet and protocol libraries to perform Active Directory discovery.
Conti Local and Remote Discovery

2022-01-18

/static/assets/windows-logo.svg
Using the Jambi agent from the initial access chain, discover local services, active directory objects, and check the box for PrintNightmare.
Log4j Infrastructure

2022-01-13

/static/assets/linux-logo.svg
Stand up infrastructure to exploit CVE-2021-44228.
Staging Server (Server-side)

2021-11-30

/static/assets/linux-logo.svg/static/assets/apple-logo.svg
Deploy capabilities to a staging server and establish a reverse proxy.
1
About PreludePrelude hardens an organization's defenses by continuously “asking” it questions through the form of safe cyberattacks. These attacks respond immediately to the latest vulnerabilities and cyber events, turning complex technical descriptions into deployable “questions”.Our mission is to increase the reach, frequency and usage of advanced security for all organizations.
twitterFollow @preludeorg on Twitter for new chains and more.
discordJoin the Prelude Discord to discuss chains and more.
githubKeep up to date with code changes and community activity on Github
operator
preludesecurity.comCareersTactics & TechniquesAttack themes
Privacy Policysupport@preludesecurity.com© 2023 Prelude Research, Inc.All rights reserved. Prelude, its logo and other trademarks are trademarks of Prelude Research, Inc. and may not be used without permission.