Visual Studio integration

Leveraging the Prelude CLI inside a familiar IDE

The Prelude CLI can be run in Visual Studio's built-in terminal, allowing you to create custom Verified Security Tests inside a familiar, full-featured editor.

Before completing this tutorial, please review the docs on Verified Security Tests (VST).

Setting up

You must first install prelude-cli using pip:

pip3 install prelude-cli

Open your Prelude "workspace" in Visual Studio. Your workspace can be found at ~/.prelude. Then go to View -> Terminal to open the Visual Studio terminal inside your editor. Enter prelude --interactive to start the interactive mode. Finally, click into the Developer Hub where all custom test building capabilities are available.

If you do not have a Prelude account, follow the prompts to create one.

Your screen should look something like this

Developing

Verified Security Tests (VST) are written in Go, so you should have the latest version of Go installed on your machine, along with any helpful linting plugins in Visual Studio.

Creating your first test

To write your first VST, select "Create new test" from the CLI and follow the prompts to add a name and optional classification (ATT&CK, CVE, etc).

VST names should answer a specific question, aimed at testing the defenses on a host. A few examples are shown below:

  • Will my computer quarantine a malicious ELF file?
  • Is the outbound firewall working?
  • Is Netcat installed and operational?
  • Does this host have plain-text credentials in RAM?

Every test is assigned a random UUID upon creation, and you'll see the new test appear in the directory tree on the left. Each test is contained inside a directory, which can store the source code file for the test along with any additional files needed (README, files compiled into the source code, etc).

Open the source code of your new test and notice that it contains the template code for a VST:

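package main

import (
    "github.com/preludeorg/test/endpoint"
)

// test holds the logic of the security test.
// The template only calls Endpoint.Stop with code 100.
func test() {
    Endpoint.Stop(100)
}

// clean is the second function passed to Endpoint.Start.
func clean() {
    Endpoint.Stop(100)
}

// main passes both functions to Endpoint.Start.
func main() {
    Endpoint.Start(test, clean)
}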

You can now customize your test to perform whatever behavior you want.

Uploading your test

In order to schedule your new test for your probes, you first have to upload it to the Prelude Service.

Uploading stores the test in a private cloud directory that only you, and any users you add to your account, can access.

Upload your test by selecting "Upload" in the Developer Hub of the CLI and following the prompts. The upload performs the following actions:

  • All files inside your test directory, not just the source code file, are pushed to your cloud directory.
  • The source code is then sent to the Prelude Compute service, which compiles the code for every applicable operating system and stores the final binaries in your cloud directory. These binaries are the artifacts that probes download and execute.
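
Because the upload pushes every file in the test directory, it helps to list what is there before uploading. The following is an added example, not Prelude's own code. It assumes test directories sit directly under ~/.prelude and are named with a canonical UUID, and its rule for expected files (Go source or a README) is illustrative.

```go
package main

import (
	"fmt"
	"io/fs"
	"os"
	"path/filepath"
	"regexp"
	"strings"
)

// Assumption: test directories are named with a canonical 8-4-4-4-12 UUID.
var uuidDir = regexp.MustCompile(`^[0-9a-fA-F]{8}(-[0-9a-fA-F]{4}){3}-[0-9a-fA-F]{12}$`)

// Inventory maps each test UUID to every file under its directory.
func Inventory(workspace string) (map[string][]string, error) {
	out := map[string][]string{}
	err := filepath.WalkDir(workspace, func(p string, d fs.DirEntry, err error) error {
		if err != nil || d.IsDir() {
			return err
		}
		rel, _ := filepath.Rel(workspace, p)
		id, file, ok := strings.Cut(filepath.ToSlash(rel), "/")
		if ok && uuidDir.MatchString(id) {
			out[id] = append(out[id], file)
		}
		return nil
	})
	return out, err
}

// Extra returns files that are neither Go source nor a README (illustrative rule).
func Extra(files []string) (extra []string) {
	for _, f := range files {
		base := strings.ToLower(filepath.Base(f))
		if !strings.HasSuffix(base, ".go") && !strings.HasPrefix(base, "readme") {
			extra = append(extra, f)
		}
	}
	return extra
}

func main() {
	home, _ := os.UserHomeDir()
	inv, err := Inventory(filepath.Join(home, ".prelude"))
	fmt.Println("walk error:", err)
	for id, files := range inv {
		fmt.Printf("%s: review before upload: %q\n", id, Extra(files))
	}
}
```

Anything listed under "review before upload" (a stray .env file, a key, a sample payload) would be copied to the cloud directory along with the source.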

Downloading tests

At any time, you can download tests to your ~/.prelude workspace through the Developer Hub. Downloaded tests will include the source code and any other files you uploaded with them. Think of downloading as git clone.

While Prelude-supplied tests are downloadable, you cannot upload a modified version of them unless you change their identifier - effectively creating a new (forked) test.

Deleting tests

You can delete a test from the Developer Hub. Deletion is irreversible.