Develop Verified Security Tests from idea to production, immediately.

Prelude Build is an easy-to-use IDE, purpose-built for authoring, testing and verifying security tests for use in real environments.

Prelude Build was developed by the security team at Prelude, who originally developed Operator - the first desktop application focused on realistic security assessments. Developing attack chains for Operator led to the realization that the process of writing, testing, deploying and verifying the efficacy of TTPs is highly flawed and inconsistent.

Security tests must perform exactly as you expect them to, every time - for assurance on the data, or intelligence, that comes out of the test. We developed Build with this specific purpose in mind - to give security engineers complete assurance that when a test executes against a machine, the intelligence coming back can be trusted, and ultimately used to make better security decisions. 

Features

01

Production Environments, meet Verified Security Tests.

Purple teamers are trained to write TTPs: modular pieces of code built to engage detection engineering rules. Graduate into production with Verified Security Tests. Each test goes through a rigorous validation process, enabled by starting with Prelude Build. Build sends your tests through a series of Docker containers to monitor their efficacy and safety. Each test is compiled with a clean up function to reverse any side effects during runtime.

02

Build once. Test everywhere.

Ever write a TTP on MacOS Intel but execute it on a silicon device? Between Linux, Windows and MacOS, it can be difficult to know where your tests will work. Build handles this automatically by intelligently compiling your code - regardless of the language - for every applicable system. Then, it concurrently tests it against a set of Docker containers to show where your code can - and cannot - be run.

03

Templatized code files for the languages you are most comfortable with.

Every programming language has unique characteristics when applied to security. Swift can compile to a tiny size. C allows you to hook into native APIs. C# provides straightforward multiplatform support. Because you should choose a language that best fits your needs, we decided Build shouldn’t have an opinion. Instead, Build provides templates in several popular languages and guides you through how to write consistent tests regardless of your choice. Each language comes packaged with custom syntax highlighting to keep your tests clean and consistent.

04

Prefer a CLI or Visual Studio? Your choice.

Our CLI provides flexibility and automation for power users. Integrate with popular IDE’s, like Visual Studio, or design your own automation to create and deploy security tests. Which will you choose?

05

Standardized output you can make sense of.

The power to create your own security tests usually comes with a trade-off: results require a security engineer to decipher them. Build solves this by wrapping each test in a series of exit codes that provide granular insight into what occurred. Want to see if the test passed? There’s an exit code for that. Want to see if it timed out or used too much CPU? There are exit codes for those too. By focusing your tests around these fine-grained codes, you can run Verified Security Tests at scale and quickly understand your security posture.

06

Open source. Always.

Prelude Build and the Prelude CLI are free and open source. Trust and transparency are cornerstones to good security. We open-sourced these tools to support our mission to increase the reach, frequency and usage of advanced security for all organizations. Prelude Build can be used to develop VSTs for use at scale using Prelude Detect.