Including in the Email Threat Simulator module is the email harvesting feature. We scan the wider web ecosystem to quantify traces of your organisational and employee email addresses which could be harvested for spam and spear phishing.
Also known as CEO fraud, domain squatting is the process of mimicking your corporate domain with alternative, similar domains to attempt to trick employees into responding with sensitive data. Our Email Threat Simulator tests your technology infrastructure to quantify the deliverability of such emails and thereby assess vulnerability.
This feature scans your e-mail service against known vulnerabilities. It integrates with automation scanning softwares such as Nessus and Nexpose as well as with third party services such as Mxtoolbox.
Client Side Attacks
Attacks that target vulnerabilities in client applications, forcing them to interact with a malicious server or process malicious data. Our Email Threat Simulator tests the detection and delivery of such attacks.
Our Email Threat Simulator contains known harmful substances in email attachments. Harmful attachments not recognised by anti-viruses are also available and they are expected to be detected by behaviour analysis. This feature integrates with the Metasploit penetration testing tool and various other third party services.
Ransomware is a type of malicious software that blocks access to the victim’s data or threatens to publish or delete it until a ransom is paid. Our Email Threat Simulation contains annotations that simulate known ransomwares and their actions.
Our Email Threat Simulation inspects your infrastructure to test for known and frequently misconfigured functions in your email services. Additionally, it also has test scenarios to determine sub-optimal configuration and make best practice recommendations.
Our Email Threat Simulator includes penetration tests that contain a link or abusive piece of code that exploits the known vulnerabilities of internet browsers.
File Format Exploits
Many popular file formats (pdf, mp4, html, doc, etc.) can contain exploits. The Email Threat Simulator contains all these known file format exploits and integrates with the Metasploit penetration testing tool and various other third party services.