Prelude

@preludeorg

Followers: 1,570
Following: 525
Media: 167
Statuses: 611

Prelude Detect quickly transforms your threat intelligence into validated protections.

USA
Joined October 2020
Pinned Tweet
@preludeorg
Prelude
1 year
📢 Exciting news! We’ve partnered w/ @CrowdStrike to change the cyber defense landscape! 🚀 Our integration enables prod-scale continuous security testing and auto-hardening of Falcon-protected endpoints against emerging threats. Learn more:
3
3
36
@preludeorg
Prelude
6 months
You know ETW, but did you know ETW could potentially be used for stealthy offensive comms? In this blog, Prelude Principal Security Engineer @jsecurity101 outlines a POC for such an application (and the defensive limitations for detection). #infosec
1
56
138
@preludeorg
Prelude
2 years
This Thursday March 9th, @MrUn1k0d3r will be presenting "Windows Internals for Red Teams" in the Prelude community discord at 7 PM EST. Drop in, chat, and learn about Windows internals! #infosec #redteam
1
37
127
@preludeorg
Prelude
2 years
This week for #TTPTuesday we are releasing our last part in the #APT40 series. This chain collects files that might hold sensitive information and exfiltrates them for review. Check it out! #purpleteaming #cyberattacks #redteaming
1
52
114
@preludeorg
Prelude
6 months
How your EDR actually works
1
23
73
@preludeorg
Prelude
7 months
Prelude's newest Principal Security Engineer @jsecurity101 wasted no time exploring and sharing his research on missing telemetry from Windows 4688 Event (process forking). Learn more in his latest blog #infosec #blueteam
0
18
64
@preludeorg
Prelude
2 years
This week for #TTPTuesday we are releasing the latest installment of our multipart theme dedicated to #APT38 . Check it out! #purpleteaming #cyberattacks #redteam
0
25
50
@preludeorg
Prelude
7 months
Want to create better detections? Get a better sense for how your EDR _actually_ works. Join @matterpreter 's webinar on 2/29 @ 2pm and you can do both. Reserve your spot over on our Discord ⬇️ #infosec #securityengineering
0
11
48
@preludeorg
Prelude
2 years
Two TTPs are being released for #TTP Tuesday. One that targets CVE-2022-26134 and another that executes a defanged version of Ryuk #ransomware . With a few clicks, check if your system is protected against these #threats .
0
22
44
@preludeorg
Prelude
1 year
Join the Prelude Discord this Thursday at 2pm to catch @ShitSecure 's live stream - AV/ #EDR Evasion: Packer Style. Drop in, chat, and learn about staying stealthy vs the #blueteam : #infosec #purpleteam
3
9
42
@preludeorg
Prelude
1 year
Our Discord Live Stream recording featuring @netspooky is now available on our YouTube. Come for the fun and to learn about protocol reverse engineering, with lots of history, resources, tips and tricks, and more. #securityengineering #infosec
1
10
36
@preludeorg
Prelude
7 months
Prelude Principal Security Engineer Matt Hand ( @matterpreter ) had his new book make its way onto @helpnetsecurity 's '10 must-read #cybersecurity books for 2024' Run - don't walk - to grab your copy. Available via @nostarch #infosec
1
8
28
@preludeorg
Prelude
2 years
Looking for IT folk w/no #cybersecurity experience but who'd love to develop the skills. We have an apprentice training program to teach the ropes. few hrs/week. free. preferably actively in IT. check or msg pitsa @prelude .org if interested.
2
14
21
@preludeorg
Prelude
1 year
Join us in the Prelude Discord on 4/20 at 7pm for a prezo from @LittleJoeTables on the power of WASM/WASI in network encoding with Sliver v1.6 release. We'll be exploring dynamic callback functions & future applications of this 🔥 tech. #infosec
0
4
22
@preludeorg
Prelude
1 year
Our new partnership with @CrowdStrike provides a first-of-its-kind integration between our two platforms, giving joint customers a way to easily deploy Prelude probes, begin testing, and fortify Falcon #XDR capabilities - within seconds. We're grateful for their investment and
1
5
21
@preludeorg
Prelude
1 year
We're stoked to welcome @eversinc33 to our Discord to present on syscalls for Windows #malware . Just getting started with malware dev? Tune in on Weds., April 12 at 2pm EDT for an overview of different syscall implementations. Join here ➡️ #infosec
0
1
20
@preludeorg
Prelude
1 year
The recording of @ShitSecure 's presentation from the Prelude Discord Live Stream is now available: AV/ #EDR Evasion: Packer Style #infosec
0
6
20
@preludeorg
Prelude
1 year
Join us in the Prelude Discord on 5/11 at 7pm EDT for a presentation from @netspooky . Prepare your body for Protocol Reverse Engineering resources + useful tips and tricks. Join Here: #infosec
0
5
18
@preludeorg
Prelude
2 years
In the winter of 2022 we released a #Conti ransomware themed series of #TTPs focused on Windows #ransomware deployment. Below is an index of the six kill-chains 🧵
1
6
16
@preludeorg
Prelude
2 years
This week for #TTPTuesday we are releasing the next chain in our APT38 Theme called "CryptoSpy" (based on the TraderTraitor malware). Check it out! #purpleteaming #cyberattacks #redteam #crypto
1
8
17
@preludeorg
Prelude
2 years
Earlier this week, Prelude CTO, David Hunt ( @privateducky ), joined the folks at @offsectraining to talk a bit about his origin story, #MITREATTACK + Caldera, #TTPs , security testing, and more. Check it out: #infosec #redteam #purpleteam
0
8
14
@preludeorg
Prelude
4 months
You just got 45 more pages of #threatintelligence . Enter Prelude's new set of autonomous capabilities—built to transform that CTI into validated protections...fast. See how we're leveraging AI to unify SecOps and streamline the threat management process:
0
7
16
@preludeorg
Prelude
2 years
Last week we shared an update to the Operator professional community regarding changes to the Operator Professional edition. We'll summarize these changes in the thread below. 🧵1/7
1
0
16
@preludeorg
Prelude
1 year
Take a few seconds to run the latest #VerifiedFriday VST on and safely test how your #EDR /AV responds.
0
3
15
@preludeorg
Prelude
3 years
#TTPTuesday is here once again! This week we are releasing our first collection of mobile focused TTPs! This collection has several #Android TTPs primarily targeting ADB Shell commands. #redteam #purpleteam #infosec #cybersecurity
1
5
15
@preludeorg
Prelude
7 months
"Within SeAuditProcessCreation, a call to SeCaptureSubjectContext is made. This function grabs the security context of the calling 🧵, which will be Fork.exe’s token in our ex. ... MSFT is retrieving the correct token info, but not the right process info for the event." Read on:
0
3
15
@preludeorg
Prelude
2 years
Introducing Prelude Build: an open source IDE for authoring, testing and verifying security tests. With Build, security engineers get assurance that their security tests will work exactly as expected, every time. Getting started is free and easy: #infosec
0
10
14
@preludeorg
Prelude
3 years
Operator 1.2 is now available: brand new dashboard, works offline, completely refreshed TTP editor... #preludeoperator #purpleteam
0
3
14
@preludeorg
Prelude
2 years
For #TTP Tuesday we are releasing two more TTPs for our theme focusing on #CISA 's "2021 Top Malware Strains". These TTPs emulate some procedures found in #LokiBot and #FormBook malware. Check it out on the Prelude Chains Website!
0
2
13
@preludeorg
Prelude
2 years
We are starting a new TTP Tuesday theme focused on #CISA 's "2021 Top Malware Strains". This week, we are releasing two TTPs that emulate #Qakbot and #NanoCore RAT tactics. Check it out on the Prelude Chains website!
0
5
13
@preludeorg
Prelude
3 months
Coming to you live from #FIRSTCON24 , @matterpreter delivering the goods on building robust detections. #FIRSTCON #infosec #detectionengineering
0
1
12
@preludeorg
Prelude
1 year
The time is nigh! Hop into the Prelude Discord to catch @MrUn1k0d3r 's live stream "Windows Internals for the #RedTeam " today at 7pm EST. #infosec
0
2
12
@preludeorg
Prelude
26 days
Permutations and slight variations in adversary behavior can make our detections increasingly brittle. 🚨 @matterpreter explores how organizations can effectively dissect tradecraft to build more robust detections:
0
5
12
@preludeorg
Prelude
1 year
Don't forget to tune in today at 3pm for @ShitSecure 's live stream on AV/ #EDR Evasion: Packer Style, happening on the Prelude Discord. Join the discussion and discover how to stay under the radar against the #blueteam : #infosec #redteam
0
3
12
@preludeorg
Prelude
3 years
Check out the latest #0verture podcast episode (CVE-EP7) featuring special guest Casey Smith ( @subTee )! @khyberspache , @Xanthonus , and @subTee discuss all things security testing - check it out!
1
6
10
@preludeorg
Prelude
4 months
Now’s your chance to grab a signed copy of @matterpreter ’s book, Evading EDR. Swing by the #RSAC Early Stage Expo to get the goods and chat with Matt 📖 #infosec #RSAConference
0
0
11
@preludeorg
Prelude
8 months
Welcome, @jsecurity101 🖤[𝐏]
@jsecurity101
Jonny Johnson
8 months
Excited to announce that I have officially started at @preludeorg as a Principal Security Engineer. Let the fun begin😎
22
1
82
1
0
9
@preludeorg
Prelude
2 years
We're making a scheduling change for this session and moving it to next week. @MrUn1k0d3r 's live stream will be taking place on Tuesday, March 14th at 7pm EST.
@preludeorg
Prelude
2 years
This Thursday March 9th, @MrUn1k0d3r will be presenting "Windows Internals for Red Teams" in the Prelude community discord at 7 PM EST. Drop in, chat, and learn about Windows internals! #infosec #redteam
1
37
127
0
2
9
@preludeorg
Prelude
1 year
After years of creating testing solutions & 🧪 formats, we’re excited to finally share our white paper, "An Argument for Continuous Security Testing." No fluff. No false promises. No contact info required. #redteam #blueteam #infosec
0
6
9
@preludeorg
Prelude
6 months
🕑Ready to tune in? We'll be going live in just under an hour as @matterpreter breaks down what goes on under the hood of your EDR.
@preludeorg
Prelude
7 months
Want to create better detections? Get a better sense for how your EDR _actually_ works. Join @matterpreter 's webinar on 2/29 @ 2pm and you can do both. Reserve your spot over on our Discord ⬇️ #infosec #securityengineering
0
11
48
0
0
10
@preludeorg
Prelude
1 year
🎉 Celebrate #HackSpaceCon with us! 🚀 Get 40% off @MrUn1k0d3r #RedTeam Training on 4/13 & 14 @ Kennedy Space Centre. Only 5 discounted seats available, so hurry up & use code HSCPRELUDEOFF40. Each training 🎟 comes w/ a free conference 🎟 @HackSpaceCon
0
3
9
@preludeorg
Prelude
1 year
In case you missed it, @eversinc33 's prezo from our Discord Live Stream Series is now available on our YouTube channel: Intro to Syscalls for Windows #Malware #infosec #cybersecurity
0
4
10
@preludeorg
Prelude
1 year
Looking forward to seeing Prelude's own - @VV_X_7 and @gerbsec - host a free workshop at @HackSpaceCon ! Grab your ticket to join this session for an intro to continuous security testing. #infosec #redteam #hackspacecon
0
3
9
@preludeorg
Prelude
1 year
Looking forward to seeing Prelude's own - @VV_X_7 and @gerbsec - host a free workshop at @HackSpaceCon ! Grab your ticket to join this session for an intro to continuous security testing. #infosec #redteam #hackspacecon
0
5
9
@preludeorg
Prelude
1 year
Happy #VerifiedFriday 🎉this week's new #opensource VST is now live: Will my computer quarantine a (defanged) malicious #QuakBot OneNote file? Safely test how your #EDR /AV responds🧪 Docs Git 🔬 @TrellixARC + @John_Fokker #malware
@TrellixARC
Trellix Advanced Research Center
2 years
Threat actors’ use of Microsoft OneNote to spread Qakbot marks a novel malware distribution strategy. Our researchers detail how they deobfuscated and unpacked it, and extracted its configurations. Read more.
1
82
190
0
3
8
@preludeorg
Prelude
2 years
A Microsoft Excel spreadsheet, containing a popular malicious macro, is dropped on the disk. Your #EDR should quarantine the file. But does it actually? Here's a safe, fast way to test for yourself 🧪 #infosec #opensource #PreludeDetect
0
2
9
@preludeorg
Prelude
2 years
Our very own @VV_X_7 had their #CVE-2022-35256 finding published in @nodejs September 22nd 2022 Security Releases. Check out the write-up!
0
4
8
@preludeorg
Prelude
6 months
🧐 Adversary deception tools in your #EDR can mislead threat actors and force them to spend additional development cycles they don't have. Get more insights into your EDR with Principal Security Engineer @matterpreter :
0
4
9
@preludeorg
Prelude
1 year
Take 90 seconds to safely test if your endpoint defenses will protect you against LockBit ransomware #infosec #stopransomware
0
1
9
@preludeorg
Prelude
1 year
We're releasing two new Verified Security Tests (VSTs). Continuously test that endpoint defenses are detecting and quarantining Lockbit #Ransomware at scale and in your production environment. 🧵 1/3 #StopRansomware #LockBit
@CISACyber
CISA Cyber
1 year
🚨 @CISAgov , @FBI & @CISecurity ’s MS-ISAC published a #cybersecurity advisory providing #TTPs , #IOCs & other details on how #LockBit 3.0 ransomware is used to target critical infrastructure & businesses. Review the advisory at today❗ #StopRansomware
4
52
78
2
1
7
@preludeorg
Prelude
2 years
New Chain, #PasstheTicket, that leverages #mimikatz & #Rubeus to export & perform a pass-the-ticket attack; used to laterally move across an enviro. These are hard to detect & remediate entirely, letting adversaries 🪰 under the radar. Learn more: #ttps
0
3
9
@preludeorg
Prelude
5 months
Last month, @matterpreter helped dispel the illusion that is the modern #EDR . 🤔 From false positive ratios to enhancing your detection queries, get the answers to the top questions attendees were asking during our live stream:
0
2
7
@preludeorg
Prelude
3 years
Our attack chains, which mimic the most advanced real-world cyberattacks, are being posted on our website each week on #TTPtuesday . They can be safely used to test your internal defenses with Prelude Operator. #preludeoperator
1
5
9
@preludeorg
Prelude
1 year
Friday's Verified Security Test is avail on Git + Prelude CLI: Will your computer quarantine oRAT #Malware ? Safely test your #EDR /AV in seconds 🥼 1) pip3 install prelude-cli 2) prelude --interactive Git: Docs: #macos #infosec
0
3
8
@preludeorg
Prelude
2 years
Here's the experience of authoring a security test in Build. It's a simple example written in C for #macOS , "does sudo require a password?". Learn how to ✍️ tests in your preferred language & intended os/architecture using our docs: #infosec #macadmins
0
3
8
@preludeorg
Prelude
3 years
It's Tuesday, which means time for the final installment of our Conti theme series! Check it out! #ttptuesday #purpleteaming
1
2
8
@preludeorg
Prelude
1 year
Happy #VerifiedFriday ! We've published a trio of NEW Verified Security Tests (VSTs) for this week - all of them available on GitHub and in the platform. 🧵 VST repo: Console: #infosec #TTPs
1
3
8
@preludeorg
Prelude
2 years
This Thursday March 2nd, Specters will be presenting "Grand Theft API" in the Prelude community discord at 7 PM EST. Everyone is welcome to drop by for a chat and to learn about car #hacking !! This talk will not be recorded! #infosec
0
2
8
@preludeorg
Prelude
2 years
Enjoy working with #blueteam and #redteam tools? Interested in adversarial behavior? Come join our team of security intelligence and testing experts. Learn more about Prelude and our open roles here: #hiring #infosec
0
4
8
@preludeorg
Prelude
2 years
@MrUn1k0d3r We're making a scheduling change for this session and moving it to next week. @MrUn1k0d3r 's live stream will be taking place on Tuesday, March 14th at 7pm EST.
1
1
7
@preludeorg
Prelude
3 months
Ohori Park 🤝 Fukuoka Castle 🤝 @matterpreter 's Presentation Three things you should check out while you're in Japan for #FIRSTCON24 next week. See how you can connect with Prelude while you're there:
0
0
7
@preludeorg
Prelude
2 years
We hope you enjoyed the long weekend! For this week's #TTP release, we have two more of #CISA 's "2021 Top Malware Strains". Check if your machine can detect #Remcos and #Ursnif malware procedures. Check it out on the Prelude Chains Website!
0
5
7
@preludeorg
Prelude
10 months
We're proud to share that Prelude has been named the winner of Cyber Defense Magazine's Top #InfoSec Award in the Cutting Edge Cybersecurity Startup category 🏆 Big thanks to our users, customers, and the Prelude team. Learn more➡️
0
0
7
@preludeorg
Prelude
3 years
Operator Kill Chain: Emulate components of the REvil attack on Kaseya VSA by side-loading Pneuma using a vulnerable Windows Defender binary.
1
2
7
@preludeorg
Prelude
3 years
Today, we are releasing SCwipe ransomware chain for #TTPTuesday ! A unique #SwiftLang ransomware for #macOS developed by our very own @privateducky and @SThomps . Try it today in your environment using Prelude Operator! See how it works in our YT video.
0
2
6
@preludeorg
Prelude
2 years
Excited to have you join us, @0x6D6172636F
@0x6D6172636F
смех
2 years
Stoked to speak again on Thursday Feb. 16th! Will be talking RE concepts in the Prelude community discord at 7pm eastern:
2
6
41
0
2
7
@preludeorg
Prelude
3 years
We are releasing our first N-Day chain! Available to all community members, we are releasing #Pwnkit CVE-2021-4034 affecting all major #Linux distros. #infosec #redteam #CVE #CybersecurityNews
0
5
7
@preludeorg
Prelude
3 years
Gain exposure to offensive security concepts and practical red team skills with Pink Badge. Free four-week training program. Launching next week. Register now. #preludeoperator #pinkbadge
0
3
7
@preludeorg
Prelude
2 years
Start your week off with a new episode of 0verture! EP9 is all about technical hiring with @Xanthonus @khyberspache and @ptiglias . Listen to it on all major podcasting platforms!
1
0
7
@preludeorg
Prelude
3 years
TTP Tuesday is different! We are introducing multi-week themes to create cohesive stories and provide insight on what we are building. Check it out here:
1
0
7
@preludeorg
Prelude
1 year
You can implement continuous security testing to your endpoints in 6 minutes or less. To prove it, here's a 6min demo of Prelude Detect 1.3.0. #Blueteam #ThreatIntelligence #Ransomware
0
4
7
@preludeorg
Prelude
8 months
What's new with our detection & response testing platform? Come see for yourself in our Discord on 1/22 at 1:30pm ET as we walk through Prelude Detect 1.6.0 with @matterpreter + our VP/Product. 🔗 to Discord event: #infosec #blueteam
0
2
7
@preludeorg
Prelude
1 year
POV: Prelude automatically feeding #QuakBot test efficacy data to @CrowdStrike , completing the auto-hardening loop. Create a free account to continuously test (& auto-harden) 25 prod endpoints, for free 🧪 #blueteam #malware #infosec
0
3
7
@preludeorg
Prelude
2 years
The documentation for Build is live! Here are some instructions on getting started with Build's user interface and(/or) the Prelude CLI. #infosec #cybersecurity
0
3
6
@preludeorg
Prelude
3 years
@preludeorg has a Podcast! Join @xanthonus and @khyberspache in the first episode of #0verture where they talk about some new features of #preludeoperator 1.2, upcoming TTP releases, and more! Find it on Spotify, Apple Podcasts, Youtube, and RSS!
0
1
6
@preludeorg
Prelude
1 year
Head to our Discord's Release channel and cast your vote to determine the malicious filetype of next week's Verified Security Test: 1️⃣ dll 2️⃣ doc 3️⃣ js 4️⃣ msi #infosec #malware #ttps
0
0
6
@preludeorg
Prelude
1 year
#VerifiedFriday is here 🐇 This week's #opensource Verified Security Test is now live: Will your #EDR/AV quarantine AsyncRAT #malware? Safely run this test🧪 Docs Git Shoutout @JAMESWT_MHT More tests:
0
3
6
@preludeorg
Prelude
1 year
Two days out from @GrrCON and we could not be more excited💀 We're booth #6 (but #1 in your hearts) Stop by to grab some swag and chat with our team, including our recently promoted Director of #Cybersecurity , @bfuzzy1 🖤 #infosec #redteam #blueteam
1
1
6
@preludeorg
Prelude
2 years
Prelude CTO & Co-Founder, David Hunt @privateducky , is going live on Enterprise Security Weekly. Tune in to the live conversation @SecWeekly @PyroTek3 #infosec
0
3
6
@preludeorg
Prelude
1 year
Are your defensive controls working as expected? “You sure about that?” Swing by to meet us at #BlackHat Booth SC411 to chat about testing and self-healing your defenses (at scale). Oh, and grab some of @techyteachme ’s stickers.
0
0
6
@preludeorg
Prelude
3 years
This week for #TTPTuesday we are releasing the second part of our multipart theme dedicated to #Conti #ransomware . Check it out! #purpleteaming #cyberattacks #redteam
1
1
6
@preludeorg
Prelude
1 year
Prelude CTO, @privateducky , will be joining @MrUn1k0d3r 's Discord at the top of the hour to give a guided introduction to continuous security testing🧪 #infosec
@MrUn1k0d3r
Mr.Un1k0d3r
1 year
We are going live tonight at 7 PM EST. @privateducky from @preludeorg will introduce new concepts and technologies for continuous security testing. ❤
0
2
9
0
0
6
@preludeorg
Prelude
2 years
This week's #TTP Tuesday contains two #CVE TTPs, one for Confluence Server and the other for Apache Spark. A couple clicks can let you know if these CVEs are exploitable on your systems. Check it out on the Prelude Chains website!
0
4
6