Directories
| Path | Synopsis |
|---|---|
| | Simulates an overflow where Google Chrome spawns a shell [T1189] |
| | Simulates C&C discovery via DNS over HTTPS (à la Godlua) |
| | Simulates C&C discovery via randomized hostname lookups (à la Aquatic Panda) |
| | Simulates theft of web session cookies [T1539] |
| | Simulates theft of GCP credentials [1552.001, T15060.002] |
| | Simulates theft of credentials via key logging [T1056] |
| | Simulates theft of credentials via network sniffing [T1040] |
| | Simulates theft of GCP credentials [1552.001, T15060.002] |
| | Simulates a service run by a binary which no longer exists |
| | Simulates process masquerading as a kernel thread [T1036.004] |
| | Simulates process masquerading as another user process [T1036.004] |
| | Simulates attack cleanup via bash_history truncation [T1070.003] |
| | Simulates tool transfer using curl & running from /var/tmp/. |
| | Simulates malicious program installing itself into /usr/bin [T1036.005] |
| | Launches a temporary reverse shell using bash |
| | Simulates tool transfer using curl to a hidden directory [T1036.005] |
| | Simulates dropping a known virus signature (EICAR) onto filesystem |
| | Downloads and launches LinPEAS |
| | Launches netcat to listen on a port [T1059.004] |
| | Launches a temporary reverse shell using Python |
| | Simulates probing system for privilege escalation vulns |
| | New unsigned obfuscated binary listening from a hidden directory as root |
| | New unsigned binary listening from a hidden directory |
| | Simulates attacker making iptables changes to allow incoming traffic |
| | Simulates persistence via a fake unsigned Apple launchd service |
| | Simulates a command inserting itself into the user crontab for persistence |
| | Simulates CVE-2022-0847 (Dirty Pipe) to escalate user privileges to root |
| | Simulates using Docker sockets to escalate user privileges to root |
| | Simulates a PyPI supply chain attack using a modified real-world sample |