You know ETW, but did you know ETW could potentially be used for stealthy offensive comms? In this blog, Prelude Principal Security Engineer @jsecurity101 outlines a POC for such an application (and the defensive limitations for detection). #infosec
This Thursday March 9th, @MrUn1k0d3r will be presenting "Windows Internals for Red Teams" in the Prelude community discord at 7 PM EST. Drop in, chat, and learn about Windows internals! #infosec #redteam
Prelude's newest Principal Security Engineer @jsecurity101 wasted no time exploring and sharing his research on missing telemetry from Windows 4688 Event (process forking).
Learn more in his latest blog 👇 #infosec #blueteam
Want to create better detections? Get a better sense for how your EDR _actually_ works.
Join @matterpreter's webinar on 2/29 @ 2pm and you can do both.
Reserve your spot over on our Discord ⬇️ #infosec #securityengineering
Two TTPs are being released for #TTP Tuesday. One that targets CVE-2022-26134 and another that executes a defanged version of Ryuk #ransomware. With a few clicks, check if your system is protected against these #threats.
Our Discord Live Stream recording featuring @netspooky is now available on our YouTube.
Come for the fun and to learn about protocol reverse engineering, with lots of history, resources, tips and tricks, and more. #securityengineering #infosec
Looking for IT folk w/no #cybersecurity experience but who'd love to develop the skills. We have an apprentice training program to teach the ropes. Few hrs/week. Free. Preferably actively in IT. Check or msg pitsa@prelude.org if interested.
Join us in the Prelude Discord on 4/20 at 7pm for a prezo from @LittleJoeTables on the power of WASM/WASI in network encoding with Sliver v1.6 release.
We'll be exploring dynamic callback functions & future applications of this 🔥 tech. #infosec
Our new partnership with @CrowdStrike provides a first-of-its-kind integration between our two platforms, giving joint customers a way to easily deploy Prelude probes, begin testing, and fortify Falcon #XDR capabilities - within seconds. We're grateful for their investment and
We're stoked to welcome @eversinc33 to our Discord to present on syscalls for Windows #malware.
Just getting started with malware dev? Tune in on Weds., April 12 at 2pm EDT for an overview of different syscall implementations.
Join here ➡️ #infosec
The recording of @chvancooten's presentation from our Discord Live Stream Series is now live on our YouTube.
Now showing: #Malware Dev with Nim - A Case Study in NimPlant #infosec
Join us in the Prelude Discord on 5/11 at 7pm EDT for a presentation from @netspooky.
Prepare your body for Protocol Reverse Engineering resources + useful tips and tricks.
Join Here: #infosec
In the winter of 2022 we released a #Conti ransomware themed series of #TTPs focused on Windows #ransomware deployment. Below is an index of the six kill-chains 🧵
You just got 45 more pages of #threatintelligence. Enter Prelude's new set of autonomous capabilities—built to transform that CTI into validated protections...fast.
See how we're leveraging AI to unify SecOps and streamline the threat management process:
Last week we shared an update to the Operator professional community regarding changes to the Operator Professional edition. We'll summarize these changes in the thread below.
🧵1/7
"Within SeAuditProcessCreation, a call to SeCaptureSubjectContext is made. This function grabs the security context of the calling 🧵, which will be Fork.exe’s token in our ex. ... MSFT is retrieving the correct token info, but not the right process info for the event."
Read on:
Introducing Prelude Build: an open source IDE for authoring, testing and verifying security tests.
With Build, security engineers get assurance that their security tests will work exactly as expected, every time. Getting started is free and easy: #infosec
For #TTP Tuesday we are releasing two more TTPs for our theme focusing on #CISA's "2021 Top Malware Strains". These TTPs emulate some procedures found in #LokiBot and #FormBook malware. Check it out on the Prelude Chains Website!
We are starting a new TTP Tuesday theme focused on #CISA's "2021 Top Malware Strains". This week, we are releasing two TTPs that emulate #Qakbot and #NanoCore RAT tactics. Check it out on the Prelude Chains website!
We are extremely excited to have the opportunity to bring advanced security down market and raise the national cybersecurity floor #preludeoperator #cyber #infosec
Permutations and slight variations in adversary behavior can make our detections increasingly brittle. 🚨
@matterpreter explores how organizations can effectively dissect tradecraft to build more robust detections:
Don't forget to tune in today at 3pm for @ShitSecure's live stream on AV/#EDR Evasion: Packer Style, happening on the Prelude Discord. Join the discussion and discover how to stay under the radar against the #blueteam: #infosec #redteam
We're making a scheduling change for this session and moving it to next week.
@MrUn1k0d3r's live stream will be taking place on Tuesday, March 14th at 7pm EST.
After years of creating testing solutions & 🧪 formats, we're excited to finally share our white paper, "An Argument for Continuous Security Testing."
No fluff. No false promises. No contact info required. #redteam #blueteam #infosec
🎉 Celebrate #HackSpaceCon with us! 🚀 Get 40% off @MrUn1k0d3r #RedTeam Training on 4/13 & 14 @ Kennedy Space Centre. Only 5 discounted seats available, so hurry up & use code HSCPRELUDEOFF40. Each training 🎟 comes w/ a free conference 🎟 @HackSpaceCon
Threat actors’ use of Microsoft OneNote to spread Qakbot marks a novel malware distribution strategy. Our researchers detail how they deobfuscated and unpacked it, and extracted its configurations. Read more.
A Microsoft Excel spreadsheet, containing a popular malicious macro, is dropped on the disk. Your #EDR should quarantine the file. But does it actually?
Here's a safe, fast way to test for yourself 🧪 #infosec #opensource #PreludeDetect
🧐 Adversary deception tools in your #EDR can mislead threat actors and force them to spend additional development cycles they don't have.
Get more insights into your EDR with Principal Security Engineer @matterpreter:
We're releasing two new Verified Security Tests (VSTs).
Continuously test that endpoint defenses are detecting and quarantining Lockbit #Ransomware at scale and in your production environment.
🧵 1/3 #StopRansomware #LockBit
New Chain, #PasstheTicket, that leverages #mimikatz & #Rubeus to export & perform a pass-the-ticket attack; used to laterally move across an enviro. These are hard to detect & remediate entirely, letting adversaries 🪰 under the radar.
Learn more: #ttps
Last month, @matterpreter helped dispel the illusion that is the modern #EDR.
🤔 From false positive ratios to enhancing your detection queries, get the answers to the top questions attendees were asking during our live stream:
Our attack chains, which mimic the most advanced real-world cyberattacks, are being posted on our website each week on #TTPtuesday. They can be safely used to test your internal defenses with Prelude Operator. #preludeoperator
Friday's Verified Security Test is avail on Git + Prelude CLI:
Will your computer quarantine oRAT #Malware?
Safely test your #EDR/AV in seconds 🥼
1) pip3 install prelude-cli
2) prelude --interactive
Git:
Docs:
#macos #infosec
Here's the experience of authoring a security test in Build. It's a simple example written in C for #macOS, "does sudo require a password?". Learn how to ✍️ tests in your preferred language & intended os/architecture using our docs: #infosec #macadmins
Happy #VerifiedFriday!
We've published a trio of NEW Verified Security Tests (VSTs) for this week - all of them available on GitHub and in the platform. 🧵
VST repo:
Console:
#infosec #TTPs
This Thursday March 2nd, Specters will be presenting "Grand Theft API" in the Prelude community discord at 7 PM EST. Everyone is welcome to drop by for a chat and to learn about car #hacking!! This talk will not be recorded! #infosec
Enjoy working with #blueteam and #redteam tools? Interested in adversarial behavior? Come join our team of security intelligence and testing experts. Learn more about Prelude and our open roles here: #hiring #infosec
Ohori Park 🤝 Fukuoka Castle 🤝 @matterpreter's Presentation
Three things you should check out while you're in Japan for #FIRSTCON24 next week. See how you can connect with Prelude while you're there:
We hope you enjoyed the long weekend! For this week's #TTP release, we have two more of #CISA's "2021 Top Malware Strains". Check if your machine can detect #Remcos and #Ursnif malware procedures. Check it out on the Prelude Chains Website!
We're proud to share that Prelude has been named the winner of Cyber Defense Magazine's Top #InfoSec Award in the Cutting Edge Cybersecurity Startup category 🏆
Big thanks to our users, customers, and the Prelude team.
Learn more ➡️
Today, we are releasing SCwipe ransomware chain for #TTPTuesday! A unique #SwiftLang ransomware for #macOS developed by our very own @privateducky and @SThomps. Try it today in your environment using Prelude Operator! See how it works in our YT video.
Gain exposure to offensive security concepts and practical red team skills with Pink Badge.
Free four-week training program. Launching next week. Register now. #preludeoperator #pinkbadge
Start your week off with a new episode of 0verture! EP9 is all about technical hiring with @Xanthonus, @khyberspache and @ptiglias. Listen to it on all major podcasting platforms!
TTP Tuesday is different! We are introducing multi-week themes to create cohesive stories and provide insight on what we are building.
Check it out here:
You can implement continuous security testing on your endpoints in 6 minutes or less.
To prove it, here's a 6min demo of Prelude Detect 1.3.0. #Blueteam #ThreatIntelligence #Ransomware
What's new with our detection & response testing platform? Come see for yourself in our Discord on 1/22 at 1:30pm ET as we walkthrough Prelude Detect 1.6.0 with @matterpreter + our VP/Product.
🔗 to Discord event: #infosec #blueteam
POV: Prelude automatically feeding #Qakbot test efficacy data to @CrowdStrike, completing the auto-hardening loop.
Create a free account to continuously test (& auto-harden) 25 prod endpoints, for free 🧪 #blueteam #malware #infosec
The documentation for Build is live! Here are some instructions on getting started with Build's user interface and(/or) the Prelude CLI. #infosec #cybersecurity
Head to our Discord's Release channel and cast your vote to determine the malicious filetype of next week's Verified Security Test:
1️⃣ dll
2️⃣ doc
3️⃣ js
4️⃣ msi
#infosec #malware #ttps
Are your defensive controls working as expected?
"You sure about that?"
Swing by to meet us at #BlackHat Booth SC411 to chat about testing and self-healing your defenses (at scale).
Oh, and grab some of @techyteachme's stickers.
Prelude CTO, @privateducky, will be joining @MrUn1k0d3r's Discord at the top of the hour to give a guided introduction to continuous security testing 🧪 #infosec
This week's #TTP Tuesday contains two #CVE TTPs, one for Confluence Server and the other for Apache Spark. A couple clicks can let you know if these CVEs are exploitable on your systems. Check it out on the Prelude Chains website!