Caldera emulation abilities
6 runnable adversary-emulation actions · command + platform · mapped to ATT&CK
All tactics
build-capabilities · 1 collection · 16 command-and-control · 6 credential-access · 10 defense-evasion · 15 detection · 8 discovery · 67 execution · 9 exfiltration · 13 hunt · 4 impact · 8 lateral-movement · 10 persistence · 3 privilege-escalation · 8 response · 14 setup · 10 technical-information-gathering · 1 training · 6 verification · 2
⚠
Abilities
6 shown of 6Add New Cronjob/Scheduled Task
Certification ability to create a new cronjob or scheduled task
Show command
[{"platform": "linux", "executor": "sh", "command": "crontab -l > new_crontab;\necho '0 * * * * /bin/echo bad_cronjob' >> new_crontab;\ncrontab new_crontab;\nrm -f new_crontab;\n"}, {"platform": "darwin", "executor": "sh", "command": "crontab -l > new_crontab;\necho '0 * * * * /bin/echo bad_cronjob' >> new_crontab;\ncrontab new_crontab;\nrm -f new_crontab;\n"}, {"platform": "windows", "executor": "psh", "command": "$action = New-ScheduledTaskAction -Execute \"calc.exe\";\n$trigger = New-ScheduledTaskTrigger -Daily -At 9am;\nRegister-ScheduledTask -Action $action -Trigger $trigger -TaskName \"FindMe\" -Description \"Pretend malicious scheduled action\";"}]Create Process on Unauthorized Port
Certification ability to create a listening process on an unauthorized port
Show command
[{"platform": "linux", "executor": "sh", "command": "nc -nlv 7011 &\n"}, {"platform": "darwin", "executor": "sh", "command": "nc -nlv 7011 &"}]Delete Pretend Malicious Mail
Delete previously stored pretend malicious mail
Show command
[{"platform": "linux", "executor": "sh", "command": "rm -f /var/mail/victim"}]Modify Bash/Powershell Profile
Add a line to the Bash or Powershell profile
Show command
[{"platform": "linux", "executor": "sh", "command": "touch ~/.bashrc;\necho '#Find this change!' >> ~/.bashrc;\n"}, {"platform": "darwin", "executor": "sh", "command": "touch ~/.bashrc;\necho '#Find this change!' >> ~/.bashrc;\n"}, {"platform": "windows", "executor": "psh", "command": "if (Test-Path $Profile) {\n echo '#Find this change!' >> $Profile;\n} else {\n echo '#Find this change!' > $Profile;\n}\n"}]Pretend Malicious File
Create a pretend malicious file to be acted on
Show command
[{"platform": "windows", "executor": "psh", "command": "echo 'Malicious file' > C:\\Users\\Public\\malicious;\n(Get-FileHash C:\\Users\\Public\\malicious).Hash > C:\\Users\\Public\\malicious_files.txt\n"}]Pretend Malicious Mail
Send an email with a pretend evil domain to be acted on
Show command
[{"platform": "linux", "executor": "sh", "command": "mv ./phish_email.txt /var/mail/victim\n"}]Showing 1-6 of 6