
APT 29 - Adversary emulation plan changes from CALDERA_DIY to Emulation_Plan - APT29.yml #84

Open
leonardogavaudan opened this issue May 4, 2021 · 0 comments

leonardogavaudan commented May 4, 2021

Hi,

I managed to successfully complete the Day 1 Scenario for the evals plugin with the plan

adversary_emulation_library/apt29/Archive/CALDERA_DIY/evals/data/adversaries/d6115456-604a-4707-b30e-079dec5aad53.yml (Caldera DIY Emulation plan)

but when launching the Day 1 scenario through the Emu plugin using the

adversary_emulation_library/apt29/Emulation_Plan/yaml/APT29.yaml (YAML emulation plan)

I spotted new abilities present in the emulation plan that are neither in the CALDERA DIY plan nor in the documentation for the Emulation Plan. I've encountered errors with these new abilities and wondered if anyone shared a similar experience or had any advice.

I'll be creating a separate issue for each new ability that is causing an error, and updating this issue if I find further errors/bugs with new abilities in the Emulation Plan.

1. Bypass User Account Control (Step 3.A.2)
   Ability in Emulation Plan
   Dedicated Issue

2. Credential Dumping using Process Injection (Step 5.A.1)
   Ability in Emulation Plan
   Dedicated Issue
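The comparison described in the issue, finding abilities that exist in the Emulation_Plan YAML but not in the CALDERA DIY adversary profile, can be scripted instead of spotted by hand while the operation runs. The following is an added example, not code from the issue, from the adversary_emulation_library, or from CALDERA. It assumes a simplified schema: the emulation plan parses to a list of ability dicts with `id`, `name` and `procedure_step`, and the CALDERA adversary profile parses to a dict whose `atomic_ordering` lists ability ids. The sample data and its UUIDs are constructed placeholders, not the real ability ids; `load_plan` is a hypothetical helper for reading the real files with PyYAML.

```python
"""List abilities present in an emulation-plan YAML but absent from a CALDERA adversary profile.

Assumed schema (an assumption, not taken from the issue or either project):
  - emulation plan: a YAML list; ability entries are dicts with `id`, `name`, `procedure_step`;
    entries without an `id` (e.g. a plan-details header) are not abilities and are skipped
  - CALDERA adversary profile: a dict whose `atomic_ordering` is a list of ability ids
"""
from __future__ import annotations


def _step_key(step):
    """Sort key that orders procedure steps like 3.A.2 < 5.A.1 < 10.A.1 (numeric, not lexical)."""
    key = []
    for part in str(step).split("."):
        key.append((0, int(part)) if part.isdigit() else (1, part))
    return key


def missing_abilities(emu_plan, adversary):
    """Return abilities in `emu_plan` whose id is not referenced by `adversary['atomic_ordering']`."""
    ordered = set(adversary.get("atomic_ordering", []))
    missing = []
    for entry in emu_plan:
        if not isinstance(entry, dict) or "id" not in entry:
            continue  # not an ability entry under the assumed schema
        if entry["id"] not in ordered:
            missing.append({
                "id": entry["id"],
                "name": entry.get("name", "<unnamed>"),
                "step": entry.get("procedure_step", "?"),
            })
    return sorted(missing, key=lambda a: _step_key(a["step"]))


def load_plan(path):
    """Hypothetical loader for the real files; PyYAML is imported lazily so the rest runs without it."""
    import yaml  # assumption: PyYAML installed
    with open(path, encoding="utf-8") as fh:
        return yaml.safe_load(fh)


# Constructed sample input; UUIDs are placeholders, not the real APT29 ability ids.
SAMPLE_EMU_PLAN = [
    {"emulation_plan_details": {"adversary_name": "APT29 (constructed sample)"}},
    {"id": "00000000-0000-4000-8000-000000000001",
     "name": "PowerShell stager (constructed)", "procedure_step": "3.A.1"},
    {"id": "00000000-0000-4000-8000-000000000002",
     "name": "Bypass User Account Control", "procedure_step": "3.A.2"},
    {"id": "00000000-0000-4000-8000-000000000003",
     "name": "Credential Dumping using Process Injection", "procedure_step": "5.A.1"},
    {"id": "00000000-0000-4000-8000-000000000004",
     "name": "Registry persistence (constructed)", "procedure_step": "10.A.1"},
]

SAMPLE_ADVERSARY = {
    "id": "00000000-0000-4000-8000-00000000aaaa",
    "name": "Constructed CALDERA DIY profile",
    "atomic_ordering": [
        "00000000-0000-4000-8000-000000000001",
        "00000000-0000-4000-8000-000000000004",
    ],
}


def report(emu_plan, adversary):
    """Render the missing abilities as one line per ability, ordered by procedure step."""
    return [f"{a['step']:<8} {a['id']}  {a['name']}" for a in missing_abilities(emu_plan, adversary)]


if __name__ == "__main__":
    # Real use: report(load_plan("APT29.yaml"), load_plan("d6115456-....yml"))
    for line in report(SAMPLE_EMU_PLAN, SAMPLE_ADVERSARY):
        print(line)
```

Running this against the two plan files before launching an operation tells you which steps the DIY profile never exercised, which is exactly the set of abilities to test in isolation (or read carefully, since abilities such as UAC bypass and process-injection credential dumping run privileged, destructive-looking actions on the target) before expecting a full Day 1 run to succeed.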
