TTP Tuesday: Conti (Release 5)
Data collection and exfiltration
8 February 2022
We're releasing the fifth release of our Conti ransomware theme with new TTPs focused on data collection and exfiltration. To date, our Conti theme now contains the following kill-chains:
Data collection and exfiltration (Current Release)
Data Collection and Exfiltration
This chain performs collection and exfiltration. First we enumerate the users home directory then attempt to dump hashes via Kerberoasting and AS-REProasting. Once we have target data, the ingress and configure Rclone to work with an ephemeral Mega account then automatically exfiltrate to a Data folder in Mega. Check it out on the Prelude chains website.
Watch a demonstration:
We have 1 more week to go in our Conti theme providing you with an entire Conti adversary attack from beginning to end.
Staying up to date
Thanks for reading our latest TTP Tuesday release! Please subscribe and reach out with any feedback. We love to hear from our community!
There are several ways to follow us and learn more about Prelude and our team members:
Get our products
Join our community
Read, watch, and listen
Listen to our Podcast: https://anchor.fm/preludeorg
Read our blog: https://feed.prelude.org
Watch our live streams: https://www.twitch.tv/preludeorg
Watch our pre-recorded content: https://www.youtube.com/channel/UCZyx-PDZ_k7Vuzyqr4-qK9A