Themeless

Every week, the Prelude team designs, builds and chains together TTPs. These chains, which mimic real-world cyberattacks, can be safely used to test your internal defenses. These chains are all usable in Prelude Operator.
Related Prelude themed chains
Release Date (Newest)
Filterfilter
Search for chains, TTPs, themes, and text

Browse By:

Platforms

  • All
  • Windows
  • Linux
  • Darwin
  • Global
  • Android

Tactics & Techniques

  • All
  • Resource Development
  • Initial Access
  • Defense Evasion
  • Command And Control
  • Discovery
  • Collection
  • Persistence
  • Credential Access
  • Privilege Escalation
  • Lateral Movement
  • Execution
  • Exfiltration
  • Impact

Tags

Licenses

Python AD discovery

2022-04-06

/static/assets/windows-logo.svg/static/assets/linux-logo.svg
Use Python packet and protocol libraries to perform Active Directory discovery.
Sliver BOF and Execute-Assembly

2022-03-01

/static/assets/windows-logo.svg
Add a COFF loader, run BOFs and execute-assembly ttps.
Android ADB Shell

2021-12-07

/static/assets/android-logo.svg
A first collection of TTPs for Android specifically targeting ADB shell commands
Staging Server (Server-side)

2021-11-30

/static/assets/linux-logo.svg/static/assets/apple-logo.svg
Deploy capabilities to a staging server and establish a reverse proxy.
Jambi Modules

2021-11-16

/static/assets/windows-logo.svg
Use Powershell functions to create a script implant that dynamically resolves and loads modules at runtime.
eBPF CVE-2021-3490

2021-11-09

/static/assets/linux-logo.svg
Elevate an unprivileged user to root privileges via CVE-2021-3490 (eBPF) exploitation.
Sequoia

2021-10-26

/static/assets/linux-logo.svg
Elevate an unprivileged user to root privileges via CVE-2021-33909 (Sequoia) exploitation.
Vulnerable Certificates

2021-10-19

/static/assets/windows-logo.svg
Ingress, load, and run Certify to find vulnerable certificates.
B1-66ER (Discovery)

2021-10-12

/static/assets/linux-logo.svg
Perform discovery techniques to determine if an agent has access to a ML/DL environment.
JXA Modules

2021-10-05

/static/assets/apple-logo.svg
Use JXA to create a fully modular file-less implant that dynamically resolves and load modules at runtime.
B1-66ER (Initial Access)

2021-09-28

/static/assets/linux-logo.svg
Gain initial access by installing SciPy with concealed Schism agent
SharpHound

2021-09-07

/static/assets/windows-logo.svg
Ingress, load, and run the SharpHound collector.
JXA Access

2021-08-24

/static/assets/apple-logo.svg
Use JXA to load a file-less agent into memory and create persistence mechanisms on OS X.
Kaseya VSA Attack

2021-08-16

/static/assets/windows-logo.svg
Side-load an agent using components of the REvil ransomware attack kill chain.
File Hunter

2021-08-10

/static/assets/windows-logo.svg/static/assets/linux-logo.svg/static/assets/apple-logo.svg
Automatically discover and prepare files for exfiltration.
Baron Samedit (Persistence)

2021-08-10

/static/assets/linux-logo.svg
Leverage a Heap-Based Buffer Overflow in Sudo to create a persistence user.
Netsh Helper DLL

2021-08-10

/static/assets/windows-logo.svg
Create a Netsh helper DLL persistence.
Baron Samedit (Spawn Agent)

2021-08-10

/static/assets/linux-logo.svg
Leverage a Heap-Based Buffer Overflow in Sudo to spawn an elevated agent.
Printnightmare

2021-08-10

/static/assets/windows-logo.svg
Escalate local privileges and spawn a SYSTEM-level agent by exploiting CVE-2021-34527 (PrintNightmare).
GhostLoader

2021-07-06

/static/assets/windows-logo.svg
Use the "GhostLoader" technique to run assemblies compiled on the target system.