Simple and safe real-world attack chains that make threat intelligence actionable.

Every week, the Prelude team designs, builds and chains together TTPs. These chains, which mimic real-world cyberattacks, can be safely used to test your internal defenses. These chains are all usable in Prelude Operator. Download for free.
Download Operator (1.7.0)

Recent Chains

API unhooking via Perun's Fart


API unhooking by overwriting the current process version of the DLL.
Process injection via CreateRemoteThread


Injects shellcode into a specified PID using CreateRemoteThread.
Are MOUSEISLAND malware procedures mitigated on this host?


Emulates procedures found in MOUSEISLAND malware.
Are Agent Telsa malware procedures mitigated on this host?


Emulates tactics found in Agent Tesla.
Are Remcos RAT procedures mitigated on this host?


Emulates tactics found in Remcos RAT.
Are GootLoader malware procedures mitigated on this host?


Emulates tactics found in GootLoader malware.
Can this host mitigate procedures used in LokiBot malware?


Emulates LokiBot Password Stealer's procedures for credential harvesting.
Is this host protected from Qakbot?


Emulates Qakbot's privilege escalation, defense evasion and data collection/exfiltration tactics.
Is Spring Cloud Gateway patched against CVE-2022-22947?


Sends a crafted curl request to execute code via Spring Cloud Gateway.