Down to deploy
The fastest way to launch attacks against your implants
Last week we launched Operator version 1.2, bringing a lot of new and exciting features to those running security assessments. One which I’m sure many are going to love: the new layout for the Editor section.
Building off of our previous version 1.1, our focus was improving keyboard accessibility and providing a UX overhaul. By implementing tab functionality, we hope to save you some clicks while building TTPs. That being said, refining your TTPs can be a time-intensive activity if you’re developing and testing them manually. This post walks you through an efficient flow to develop and test your TTPs while working in the Editor section of Operator.
I want to dedicate this post specifically to the ‘Deploy’ button within Editor.
I am really excited to share this underutilized feature with you today, as it plays a huge role for me in testing, and I know it can do the same for you. The major upside of deploying within Editor is the time it saves when developing attacks. With the ability to get direct feedback on a deployment, similar to a console, I can effectively alter and successfully launch TTPs without having to switch between sections in Operator.
Inside the Editor window, within a TTP, the ‘Deploy’ button is located at the top right. This button will only appear once all required inputs have been fulfilled and the procedure has been saved.
Inside the pop-up menu, you can deploy your currently selected TTP. Just select an agent (by range) to send the command. Only agents with matching operating systems (platforms) and executors (like PowerShell or Python) will be visible.
Following the instruction, a results window will appear. You will receive one of three outcomes: a red, orange, or green dot. A red dot means that the test has failed; the error that caused the failure is displayed under the line of code sent.
An orange dot indicates that the currently selected TTP is in the process of deployment.
If all goes according to plan, you will receive the green dot, which represents a successful execution (status code of 0). Along with the green dot you will find the output, as if you’d popped open a terminal locally on the box and run it.
Sending instructions to agents through the Editor’s deploy button is one of my favorite features to use when creating and testing TTPs. It saves me time and is honestly kind of fun to see the immediate feedback from an agent.
I hope you have enjoyed reading and have learned something new about Operator!