ZAIUX® Evo: your next Internal Penetration Test will be a Breach & Attack Simulation (BAS)

Our project ZAIUX® evolves in ZAIUX® Evo: a Full Cloud solution, designed for MSSPs, that automates Command and Control (C2) attack activities, generating false positive-free reports featuring Remediation Plans.

The Evolutions of ZAIUX® Evo

Follow the development and don’t miss out on all the new features.

v2.6.1
2024-04-04
v2.6.0
2024-03-16
v2.5.2
2024-03-06

The most realistic Breach and Attack Simulation Software with AI

ZAIUX® Evo provides to IT infrastructures a sophisticated service of Breach and Attack Simulation (BAS) which, employing Artificial Intelligence to allocate resources through mathematical optimization, executes automatized ethical hacking processes, concretely testing security holes in the target network.

Unlike an Internal Penetration Test, which limits itself to executing techniques within the network, our BAS emulates a real intrusion. That means that the whole defense chain is validated against a targeted attack coming from the outside, which brings out all vulnerabilities both in Privilege Escalation prevention within the domain and in data exfiltration protection.

Software strengths

Realistic

ZAIUX® Evo simulates a hacker attack in MS Active Directory environments, under real conditions, without the need of creating exclusion rules in firewalls or other defense systems, while avoiding the production of detectable traffic levels in the network.

Full Cloud

Thanks to the centralized Cloud platform, every BAS exploits the latest updates. Moreover, the simulation is conducted from outside the network, as in a real-world attack.

MSSP-ready

ZAIUX® Evo lets you manage the Cloud platform users and the target networks with high flexibility. Multiple BAS can be executed simultaneously on different sites.

Agentless

The First Stage package of ZAIUX® Evo works like an actual malware, leaving no traces at the end of the BAS. Neither probes in the network nor agents on the endpoints are required.

Simple

It is sufficient to configure a simulation from the Dashboard and run the First Stage package in the target network: ZAIUX® Evo autonomously executes the BAS in a few hours, until the generation of the final report.

AI-driven

Thanks to the artificial intelligence inside the DPZR™ engine, the ZAIUX® Evo virtual Red Team can orchestrate and execute various attack techniques simultaneously, adopting a realistic and optimized approach.

Clear reporting

The customizable report shows the successful attacks and the related impact on network assets, mapping them on the MITRE ATT&CK® framework for better insights on their characteristics and possible countermeasures.

No false positives

A BAS executed by ZAIUX® Evo, differently from a VA or a PT, highlights the real criticalities that could be exploited by an expert attacker, prioritizing corrective actions with a Remediation Plan.

Integrable

Thanks to the API it is possible to integrate ZAIUX® Evo with other software solutions, letting you programmatically manage the creation and monitoring of the BAS, the download of the report and even more.

How does our software for BAS work?

ZAIUX® Evo makes it possible, for the first time, to perform a complete and realistic simulation of an intrusion in a MS Active Directory environment with an intelligent solution, exploiting a regularly updated range of the most modern and advanced hacking techniques, run in stealth mode to emulate a human approach. Automation is managed by the DPZR™ engine that includes Machine Learning algorithms specially developed by our team of experts to emulate human intelligence, breaking down the time barrier of manual execution.

Through Artificial Intelligence the adaptive algorithms, which we developed, shape the system’s response according to the attack surfaces emerging from the scans, all in a fully automated way.

ZAIUX® Evo is an intelligent Full Cloud platform which generates, for each assessment, an isolate sandbox, associated with an initialization package which can be directly executed from any endpoint of the target network, without installing any agent.

ZAIUX® Evo executes sophisticated attack techniques, among which:

  • EDR/XDR Evasion out-of-the-box
  • C2 communication via HTTPS + SMB Pivoting
  • AD Health check
  • Ransomware Simulation
  • Lateral Movement
  • Privilege Escalation
  • In-Process .NET Assembly execution
  • Active Directory misconfiguration leveraging

How Artificial Intelligence is used with ZAIUX®Evo

The effectiveness of a Breach & Attack Simulation depends not only on the employed hacking techniques, but also on the ability to combine them in a realistic scenario.

Dynamic Analysis

Thanks to our proprietary Machine Learning models, integrated into the DPZR engine, ZAIUX® Evo learns in real time the behavioral patterns of the users in the network and performs attacks using an ad-hoc approach, just like a human ethical hacker.

Planning

Using optimization and heuristic search technique allows ZAIUX® Evo to autonomously manage and run context-based attacks, faster than manual execution and with the same effectiveness.

Combine the strength of automation with the accuracy of human expertise!

In this short video we will show you how to combine ZAIUX® Evo & ZAIUX® Framework to obtain the best results during your Penetration Tests or Red Team Engagements.

ZAIUX® Evo now provides the capability to specify your ZAIUX® Framework Command & Control endpoint, in order to automatically migrate every implant spawned by ZAIUX® Evo to your on-premises ZAIUX® Framework console. This will enable the penetration testers to continue the activity manually when the BAS is completed.

Find out more about ZAIUX

Do you want more information about ZAIUX®Evo, free Trial or licenses?
Fill out the form, we will reply as soon as possible.

Please, insert a valid name
Please, insert a valid surname
Please, insert a valid Email
Emails do not match
Please, insert a valid Company name
Please select one
Please enter a valid website
Insert a valid VAT number
Insert a valid address
Please, insert a message