center-for-threat-informed-defense / adversary_emulation_library

An open library of adversary emulation plans designed to empower organizations to test their defenses based on real-world TTPs.

Home Page: https://ctid.io/adversary-emulation

APT 29 - Adversary emulation plan changes from CALDERA_DIY to Emulation_Plan - APT29.yml

leonardogavaudan opened this issue · comments

Hi,

I managed to successfully complete the Day 1 Scenario for the evals plugin with the plan

adversary_emulation_library/apt29/Archive/CALDERA_DIY/evals/data/adversaries/d6115456-604a-4707-b30e-079dec5aad53.yml

Caldera DIY Emulation plan

but when launching the day 1 scenario through the Emu plugin using the

adversary_emulation_library/apt29/Emulation_Plan/yaml/APT29.yaml

Yaml emulation plan

I spotted new abilities present in the emulation plan that are neither in the CALDERA DIY plan nor in the documentation for the Emulation Plan. I've encountered errors with these new abilities and wondered if anyone shared a similar experience or had any advice.

I'll be creating a separate issue for each new ability that is causing an error, and updating this issue if I find further errors/bugs with new abilities in the Emulation Plan.

1. Bypass User Account Control
   - Step 3.A.2
   - Ability in Emulation Plan
   - Dedicated Issue

2. Credential Dumping using Process Injection
   - Step 5.A.1
   - Ability in Emulation Plan
   - Dedicated Issue