f33d by Prelude


Down to deploy

The fastest way to launch attacks against your implants

Stephan Wampouille
Sep 27, 2021

Last week we launched Operator version 1.2, bringing a lot of new and exciting features to those running security assessments. One which I’m sure many are going to love: the new layout for the Editor section. 

Building off of our previous version 1.1, our focus was improving keyboard accessibility and providing a UX overhaul. By implementing tab functionality, we hope to save you some clicks while building TTPs. That being said, refining your TTPs can be a time-intensive activity if you’re developing and testing them manually. This post walks you through an efficient flow to develop and test your TTPs while working in the Editor section of Operator.

I want to dedicate this post specifically to the ‘Deploy’ button within Editor.

I am really excited to share this underutilized feature with you today as it plays a huge role for me in testing, and I know it can do the same for you. The major upside of deploying within Editor is the time it saves when developing attacks. Having the ability to get direct feedback on a deployment, similar to a console, I can effectively alter and successfully launch TTPs without having to switch between sections in Operator.

Inside the Editor window, within a TTP, the ‘Deploy’ button is located at the top right. This button will only appear once all required inputs have been fulfilled and the procedure has been saved.

Clicking on the highlighted ‘DEPLOY’ button up top reveals the menu in the next image.

Inside this pop-up menu, you can deploy your currently selected TTP. Just select an agent (by range) to send the command. Only agents which have matching operating systems (platforms) and executors (like PowerShell or Python) will be visible.

Following the instruction, a results window will appear. You will receive one of three outcomes: a red, orange, or green dot. A red dot means that the test has failed; the error causing the failure is displayed under the line of code sent:

An orange dot indicates that the currently selected TTP is in the process of deployment:

If all goes according to plan, you will receive the green dot, which represents a successful execution (status code of 0). Along with the green dot you will find the output, as if you’d popped open a terminal locally on the box and run it:


Sending instructions to agents through the Editor’s deploy button is one of my favorite features to use when creating and testing TTPs. It saves me time and is honestly kind of fun to see the immediate feedback from an agent.

I hope you have enjoyed reading and have learned something new about Operator!

A guest post by
Stephan Wampouille
Hello! My name is Stephan Wampouille and I am a Mechanical Engineering student at Virginia Tech, who has recently found an interest in cyber security through my time as an intern at Prelude Research Inc.!
© 2023 Prelude Research, Inc.