Simple and safe real-world attack chains that make threat intelligence actionable.

Every week, the Prelude team designs, builds and chains together TTPs. These chains, which mimic real-world cyberattacks, can be safely used to test your internal defenses. These chains are all usable in Prelude Operator. Download for free.
Download Operator (1.7.0)

Recent Chains


API unhooking via Perun's Fart

2022-10-04

/static/assets/windows-logo.svg
API unhooking by overwriting the current process version of the DLL.
Process injection via CreateRemoteThread

2022-09-27

/static/assets/windows-logo.svg
Injects shellcode into a specified PID using CreateRemoteThread.
Are MOUSEISLAND malware procedures mitigated on this host?

2022-09-19

/static/assets/windows-logo.svg
Emulates procedures found in MOUSEISLAND malware.
Are Agent Telsa malware procedures mitigated on this host?

2022-09-12

/static/assets/windows-logo.svg
Emulates tactics found in Agent Tesla.
Are Remcos RAT procedures mitigated on this host?

2022-09-05

/static/assets/windows-logo.svg
Emulates tactics found in Remcos RAT.
Are GootLoader malware procedures mitigated on this host?

2022-08-30

/static/assets/windows-logo.svg
Emulates tactics found in GootLoader malware.
Can this host mitigate procedures used in LokiBot malware?

2022-08-23

/static/assets/windows-logo.svg
Emulates LokiBot Password Stealer's procedures for credential harvesting.
Is this host protected from Qakbot?

2022-08-15

/static/assets/windows-logo.svg
Emulates Qakbot's privilege escalation, defense evasion and data collection/exfiltration tactics.
Is Spring Cloud Gateway patched against CVE-2022-22947?

2022-08-09

/static/assets/linux-logo.svg
Sends a crafted curl request to execute code via Spring Cloud Gateway.