operator
ChainsTTPsBlogLogin
menu

Simple and safe real-world attack chains that make threat intelligence actionable.

Every week, the Prelude team designs, builds and chains together TTPs. These chains, which mimic real-world cyberattacks, can be safely used to test your internal defenses. These chains are all usable in Prelude Operator. Download for free.
Download Operator (1.7.0)
Learn more about Operator

Recent Chains

API unhooking via Perun's Fart

2022-10-04

/static/assets/windows-logo.svg
API unhooking by overwriting the current process version of the DLL.
Process injection via CreateRemoteThread

2022-09-27

/static/assets/windows-logo.svg
Injects shellcode into a specified PID using CreateRemoteThread.
Are MOUSEISLAND malware procedures mitigated on this host?

2022-09-19

/static/assets/windows-logo.svg
Emulates procedures found in MOUSEISLAND malware.
Are Agent Telsa malware procedures mitigated on this host?

2022-09-12

/static/assets/windows-logo.svg
Emulates tactics found in Agent Tesla.
Are Remcos RAT procedures mitigated on this host?

2022-09-05

/static/assets/windows-logo.svg
Emulates tactics found in Remcos RAT.
Are GootLoader malware procedures mitigated on this host?

2022-08-30

/static/assets/windows-logo.svg
Emulates tactics found in GootLoader malware.
Can this host mitigate procedures used in LokiBot malware?

2022-08-23

/static/assets/windows-logo.svg
Emulates LokiBot Password Stealer's procedures for credential harvesting.
Is this host protected from Qakbot?

2022-08-15

/static/assets/windows-logo.svg
Emulates Qakbot's privilege escalation, defense evasion and data collection/exfiltration tactics.
Is Spring Cloud Gateway patched against CVE-2022-22947?

2022-08-09

/static/assets/linux-logo.svg
Sends a crafted curl request to execute code via Spring Cloud Gateway.
Browse all Prelude chains
About PreludePrelude hardens an organization's defenses by continuously “asking” it questions through the form of safe cyberattacks. These attacks respond immediately to the latest vulnerabilities and cyber events, turning complex technical descriptions into deployable “questions”.Our mission is to increase the reach, frequency and usage of advanced security for all organizations.
twitterFollow @preludeorg on Twitter for new chains and more.
discordJoin the Prelude Discord to discuss chains and more.
githubKeep up to date with code changes and community activity on Github
operator
Prelude.orgCareersTactics & TechniquesAttack themes
Privacy Policysupport@prelude.org© 2022 Prelude Research, Inc.All rights reserved. Prelude, its logo and other trademarks are trademarks of Prelude Research, Inc. and may not be used without permission.