Execute Attack Techniques
Halberd makes it incredibly simple to execute sophisticated cloud attack techniques through its intuitive interface. Each technique is pre-configured with smart defaults while maintaining full customization capabilities.
- Navigate to the Attack view in the Halberd UI
- Select your target cloud platform from the available tabs:
  - EntraID (Microsoft Entra ID)
  - M365 (Microsoft 365)
  - AWS (Amazon Web Services)
  - Azure (Microsoft Azure)
- Choose an attack tactic from the dropdown menu, such as:
  - Initial Access
  - Privilege Escalation
  - Defense Evasion
  - Credential Access
  - And more...
- Select a technique from the available options under your chosen tactic
  - Each technique shows a clear, descriptive name
  - Techniques are automatically filtered based on the selected cloud platform and tactic
- Required parameters are marked with an asterisk (*)
- Optional parameters display default values in light text
- Default values are carefully chosen based on common attack scenarios
Halberd supports multiple input types:
- Text fields - For strings, identifiers, names
- Toggle switches - For boolean options
- File uploads - For files like wordlists or scripts
- Password fields - For sensitive inputs
- Fill in the required parameters (marked with *)
- Optionally modify any default values
- Click the "Execute Technique" button
- Monitor the Response window for:
  - Real-time execution status
  - Detailed output
  - Next steps or additional instructions
Before executing techniques (except Initial Access), verify your cloud access:
- Click the "Access" button at the top of the Attack view
- Review your current access status:
  - EntraID/M365: Active token and permissions
  - AWS: Active session and assumed role
  - Azure: Active subscription and credentials
The access button provides visual feedback:
- Green: Valid access available
- Red: No active access
- Shows active identity/session info
Results are displayed in multiple ways:
- Immediate Feedback
  - Real-time execution status
  - Structured output in the Response window
  - Success/failure notifications
- Historical Analysis
  - Click "View Attack History" to see all executions
  - Filter and search past attempts
  - Download execution logs for analysis
Techniques can be saved as part of automated playbooks:
- Click "+ Add to Playbook" after configuring a technique
- Select or create a playbook
- Optionally specify:
  - Step number in sequence
  - Wait time between steps
Here's a complete example of executing a password spray attack against Entra ID:
- Select "EntraID" tab
- Choose "Credential Access" tactic
- Select "Password Spray" technique
- Configure:
  - Username File: users.txt (upload)
  - Password: Spring2024!
  - Wait: 3 (default)
  - Stop at First Match: true (default)
- Click "Execute Technique"
- Monitor results in real-time
- Start with Initial Access techniques to establish valid sessions
- Use the default parameters when first learning a technique
- Review technique information (right pane) for detailed descriptions and MITRE mappings
- Monitor the access button status to ensure valid credentials
- Use the Attack History view to learn from previous executions
Halberd's interface is designed to make complex attack techniques accessible while providing full control when needed. The standardized execution flow works consistently across all cloud platforms and technique types.