├── .github ├── dependabot.yml └── workflows │ └── codeql-analysis.yml ├── .gitignore ├── .golangci.yml ├── LICENSE ├── Makefile ├── README.md ├── cmd ├── access-chrome-breakout-root │ └── main.go ├── cnc-dns-over-https │ └── main.go ├── cnc-resolve-random │ └── main.go ├── creds-browser-cookies │ └── main.go ├── creds-gcp-exfil │ └── main.go ├── creds-keylogger-root │ └── main.go ├── creds-packet-sniffer-root │ └── main.go ├── creds-ssh-exfil │ └── main.go ├── evade-deleted-service │ └── main.go ├── evade-masquerade-kernel-thread-root │ └── main.go ├── evade-masquerade-user │ └── main.go ├── evade-shell-history │ └── main.go ├── evade-tools-in-var-tmp-hidden │ └── main.go ├── evade-usr-bin-exec-root │ └── main.go ├── exec-bash-reverse-shell │ └── main.go ├── exec-curl-to-hidden-url │ └── main.go ├── exec-drop-eicar │ └── main.go ├── exec-linpeas │ └── main.go ├── exec-netcat-listen │ └── main.go ├── exec-python-reverse-shell │ └── main.go ├── exec-traitor-vuln-probe │ └── main.go ├── exec-upx-listener-root │ └── main.go ├── hidden-listener │ └── main.go ├── persist-iptables-root │ └── main.go ├── persist-launchd-com-apple-root │ └── main.go ├── persist-user-crontab-reboot │ └── main.go ├── privesc-traitor-dirty-pipe │ └── main.go ├── privesc-traitor-docker-socket │ └── main.go └── pypi-supply-chain │ ├── main.go │ └── valyrian_debug.zip ├── go.mod ├── go.sum ├── images ├── ioc-choices.png ├── ioc-running.png ├── logo.png └── logo.xcf ├── main.go ├── pkg ├── iexec │ └── iexec.go └── simulate │ ├── breakout.go │ ├── doh.go │ ├── keylogger.go │ ├── resolve.go │ ├── reverse_shell.go │ ├── shell_history.go │ └── traitor.go └── views.go /.github/dependabot.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/tstromberg/ttp-bench/HEAD/.github/dependabot.yml -------------------------------------------------------------------------------- /.github/workflows/codeql-analysis.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/tstromberg/ttp-bench/HEAD/.github/workflows/codeql-analysis.yml -------------------------------------------------------------------------------- /.gitignore: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/tstromberg/ttp-bench/HEAD/.gitignore -------------------------------------------------------------------------------- /.golangci.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/tstromberg/ttp-bench/HEAD/.golangci.yml -------------------------------------------------------------------------------- /LICENSE: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/tstromberg/ttp-bench/HEAD/LICENSE -------------------------------------------------------------------------------- /Makefile: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/tstromberg/ttp-bench/HEAD/Makefile -------------------------------------------------------------------------------- /README.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/tstromberg/ttp-bench/HEAD/README.md -------------------------------------------------------------------------------- /cmd/access-chrome-breakout-root/main.go: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/tstromberg/ttp-bench/HEAD/cmd/access-chrome-breakout-root/main.go -------------------------------------------------------------------------------- /cmd/cnc-dns-over-https/main.go: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/tstromberg/ttp-bench/HEAD/cmd/cnc-dns-over-https/main.go -------------------------------------------------------------------------------- /cmd/cnc-resolve-random/main.go: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/tstromberg/ttp-bench/HEAD/cmd/cnc-resolve-random/main.go -------------------------------------------------------------------------------- /cmd/creds-browser-cookies/main.go: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/tstromberg/ttp-bench/HEAD/cmd/creds-browser-cookies/main.go -------------------------------------------------------------------------------- /cmd/creds-gcp-exfil/main.go: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/tstromberg/ttp-bench/HEAD/cmd/creds-gcp-exfil/main.go -------------------------------------------------------------------------------- /cmd/creds-keylogger-root/main.go: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/tstromberg/ttp-bench/HEAD/cmd/creds-keylogger-root/main.go -------------------------------------------------------------------------------- /cmd/creds-packet-sniffer-root/main.go: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/tstromberg/ttp-bench/HEAD/cmd/creds-packet-sniffer-root/main.go -------------------------------------------------------------------------------- /cmd/creds-ssh-exfil/main.go: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/tstromberg/ttp-bench/HEAD/cmd/creds-ssh-exfil/main.go -------------------------------------------------------------------------------- /cmd/evade-deleted-service/main.go: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/tstromberg/ttp-bench/HEAD/cmd/evade-deleted-service/main.go -------------------------------------------------------------------------------- /cmd/evade-masquerade-kernel-thread-root/main.go: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/tstromberg/ttp-bench/HEAD/cmd/evade-masquerade-kernel-thread-root/main.go -------------------------------------------------------------------------------- /cmd/evade-masquerade-user/main.go: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/tstromberg/ttp-bench/HEAD/cmd/evade-masquerade-user/main.go -------------------------------------------------------------------------------- /cmd/evade-shell-history/main.go: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/tstromberg/ttp-bench/HEAD/cmd/evade-shell-history/main.go -------------------------------------------------------------------------------- /cmd/evade-tools-in-var-tmp-hidden/main.go: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/tstromberg/ttp-bench/HEAD/cmd/evade-tools-in-var-tmp-hidden/main.go -------------------------------------------------------------------------------- /cmd/evade-usr-bin-exec-root/main.go: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/tstromberg/ttp-bench/HEAD/cmd/evade-usr-bin-exec-root/main.go -------------------------------------------------------------------------------- /cmd/exec-bash-reverse-shell/main.go: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/tstromberg/ttp-bench/HEAD/cmd/exec-bash-reverse-shell/main.go -------------------------------------------------------------------------------- /cmd/exec-curl-to-hidden-url/main.go: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/tstromberg/ttp-bench/HEAD/cmd/exec-curl-to-hidden-url/main.go -------------------------------------------------------------------------------- /cmd/exec-drop-eicar/main.go: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/tstromberg/ttp-bench/HEAD/cmd/exec-drop-eicar/main.go -------------------------------------------------------------------------------- /cmd/exec-linpeas/main.go: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/tstromberg/ttp-bench/HEAD/cmd/exec-linpeas/main.go -------------------------------------------------------------------------------- /cmd/exec-netcat-listen/main.go: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/tstromberg/ttp-bench/HEAD/cmd/exec-netcat-listen/main.go -------------------------------------------------------------------------------- /cmd/exec-python-reverse-shell/main.go: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/tstromberg/ttp-bench/HEAD/cmd/exec-python-reverse-shell/main.go -------------------------------------------------------------------------------- /cmd/exec-traitor-vuln-probe/main.go: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/tstromberg/ttp-bench/HEAD/cmd/exec-traitor-vuln-probe/main.go -------------------------------------------------------------------------------- /cmd/exec-upx-listener-root/main.go: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/tstromberg/ttp-bench/HEAD/cmd/exec-upx-listener-root/main.go -------------------------------------------------------------------------------- /cmd/hidden-listener/main.go: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/tstromberg/ttp-bench/HEAD/cmd/hidden-listener/main.go -------------------------------------------------------------------------------- /cmd/persist-iptables-root/main.go: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/tstromberg/ttp-bench/HEAD/cmd/persist-iptables-root/main.go -------------------------------------------------------------------------------- /cmd/persist-launchd-com-apple-root/main.go: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/tstromberg/ttp-bench/HEAD/cmd/persist-launchd-com-apple-root/main.go -------------------------------------------------------------------------------- /cmd/persist-user-crontab-reboot/main.go: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/tstromberg/ttp-bench/HEAD/cmd/persist-user-crontab-reboot/main.go -------------------------------------------------------------------------------- /cmd/privesc-traitor-dirty-pipe/main.go: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/tstromberg/ttp-bench/HEAD/cmd/privesc-traitor-dirty-pipe/main.go -------------------------------------------------------------------------------- /cmd/privesc-traitor-docker-socket/main.go: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/tstromberg/ttp-bench/HEAD/cmd/privesc-traitor-docker-socket/main.go -------------------------------------------------------------------------------- /cmd/pypi-supply-chain/main.go: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/tstromberg/ttp-bench/HEAD/cmd/pypi-supply-chain/main.go -------------------------------------------------------------------------------- /cmd/pypi-supply-chain/valyrian_debug.zip: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/tstromberg/ttp-bench/HEAD/cmd/pypi-supply-chain/valyrian_debug.zip -------------------------------------------------------------------------------- /go.mod: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/tstromberg/ttp-bench/HEAD/go.mod -------------------------------------------------------------------------------- /go.sum: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/tstromberg/ttp-bench/HEAD/go.sum -------------------------------------------------------------------------------- /images/ioc-choices.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/tstromberg/ttp-bench/HEAD/images/ioc-choices.png -------------------------------------------------------------------------------- /images/ioc-running.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/tstromberg/ttp-bench/HEAD/images/ioc-running.png -------------------------------------------------------------------------------- /images/logo.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/tstromberg/ttp-bench/HEAD/images/logo.png -------------------------------------------------------------------------------- /images/logo.xcf: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/tstromberg/ttp-bench/HEAD/images/logo.xcf -------------------------------------------------------------------------------- /main.go: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/tstromberg/ttp-bench/HEAD/main.go -------------------------------------------------------------------------------- /pkg/iexec/iexec.go: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/tstromberg/ttp-bench/HEAD/pkg/iexec/iexec.go -------------------------------------------------------------------------------- /pkg/simulate/breakout.go: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/tstromberg/ttp-bench/HEAD/pkg/simulate/breakout.go -------------------------------------------------------------------------------- /pkg/simulate/doh.go: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/tstromberg/ttp-bench/HEAD/pkg/simulate/doh.go -------------------------------------------------------------------------------- /pkg/simulate/keylogger.go: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/tstromberg/ttp-bench/HEAD/pkg/simulate/keylogger.go -------------------------------------------------------------------------------- /pkg/simulate/resolve.go: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/tstromberg/ttp-bench/HEAD/pkg/simulate/resolve.go -------------------------------------------------------------------------------- /pkg/simulate/reverse_shell.go: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/tstromberg/ttp-bench/HEAD/pkg/simulate/reverse_shell.go -------------------------------------------------------------------------------- /pkg/simulate/shell_history.go: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/tstromberg/ttp-bench/HEAD/pkg/simulate/shell_history.go -------------------------------------------------------------------------------- /pkg/simulate/traitor.go: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/tstromberg/ttp-bench/HEAD/pkg/simulate/traitor.go -------------------------------------------------------------------------------- /views.go: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/tstromberg/ttp-bench/HEAD/views.go --------------------------------------------------------------------------------