Mythic Documentation
Mythic Documentation
Mythic
Installation
Internal Documentation
Quick Usage
Operational Pieces
MITRE ATT&CK
Operations
Analytics
Browser Scripts
Active Callbacks
Files
Search
File Browser
Socks Proxy
Credentials
Comments
All Callbacks
Split Callbacks
Screenshots
Event Feed
Task Feed
API Tokens
Message Flow
Understanding Commands
Payload Types
C2 Profiles
Reporting
Scripting
Customizing
Hooking Features
Payload Type Development
C2 Related Development
Common Questions and Answers
FAQ / Troubleshooting Tips
Change Log
Next Release
Powered by GitBook

Operations

What is an operation?

Operations are collections of operators, payloads, tasks, artifacts, callbacks, and files. While payload types and c2 profiles are shared across an entire Mythic instance, operations allow fine grained control over the visibility and access during an assessment.

Where are operations?

Operation information can be found in the "Global Configurations" -> "All Operations" page. If you're a global Mythic admin, you'll see all operations here. Otherwise, you'll only see operations that are associated with your account. Only a global Mythic admin can create new operations.

How do you use operations?

Every operation has at least one member - the lead operator. Other operators can be assigned to the operation with varied levels of access.

  • operator is your normal user.

  • developer has special rights for being able to delete C2 Profiles/Payload Types and viewing extra data about C2 profiles within the UI to help with development.

  • spectator can't do anything within Mythic. They essentially have Read-Only access across the entire operation. They can't create payloads, issue tasking, add comments, send messages, etc. They can search and view callbacks/tasking, but that's it.

For more fine-grained control than that listed above, you can also create block lists. These are named lists of commands that an operator is not allowed to execute for a specific payload type. These block lists are then tied to specific operators. This offers a middle-ground between normal operator with full access and a spectator with no access.

Current Operations

Because many aspects of an assessment are tied to a specific operation (payloads, callbacks, tasks, files, artifacts, etc), there are many things that will appear empty within the Mythic UI until you have an operation selected as your current operation. This lets the Mythic back-end know which data to fetch for you. If you don't have an operation as your active one, then you'll see big red letters at the top of the screen saying that you don't have an active operation. Select this notification as a shortcut to this operations management page and select to make one of your operations your active operation.

Previous
MITRE ATT&CK
Next
Analytics
Last updated 6 months ago
Contents
What is an operation?
Where are operations?
How do you use operations?
Current Operations