Operator is an autonomous red team C2 platform, built by Prelude. It is designed for red, purple and blue teamers to conduct realistic threat assessments. Using the desktop application, you can deploy agents on remote computers and launch custom adversary profiles against them to identify the holes that antivirus programs & vulnerability scanners are not designed to locate.
Watch our quick introduction video
You can download the latest copy of the application here, for macOS, Windows or Linux.
Did you know that the team at Prelude runs free red team training programs as part of our open-source outreach? We teach IT/InfoSec/DevOps/defenders/software engineers how to red team, so they can apply practical techniques to their day jobs. Check out the Pink Badge for more details.
This repository contains the following:
- Known bugs & feature requests (check the issue tab)
- All open-source plugins, which are separate components you can install inside Operator
- A collection of tools which work with the Operator ecosystem
- Standalone Python servers, called translators, which accept agent beacons over one protocol and translate them into an Operator protocol (usually HTTP), so you can add support for your own protocols.
The Prelude development & security teams run several supporting resources for the community:
- A Discord server to interact with the team.
- A YouTube video library containing tutorials and use-cases.
- A blog, where we post on general security and specific Operator topics.
- Pneuma: A cross-platform GoLang agent that connects to Operator and executes attacks.
- Community: A collection of ATT&CK-classified procedures which Operator can send to agents, like Pneuma, to execute.
