ZAIUX® Evo: your next Internal Penetration Test will be a Breach & Attack Simulation (BAS)

Our project ZAIUX® evolves in ZAIUX® Evo: a Full Cloud solution, designed for MSSPs, that automates Command and Control (C2) attack activities, generating false positive-free reports featuring Remediation Plans.

Available from Q1 2023

The most realistic Breach and Attack Simulation Software with AI

ZAIUX® Evo provides to IT infrastructures a sophisticated service of Breach and Attack Simulation (BAS) which, employing Artificial Intelligence to allocate resources through mathematical optimization, executes automatized ethical hacking processes, concretely testing security holes in the target network.

Unlike an Internal Penetration Test, which limits itself to executing techniques within the network, our BAS emulates a real intrusion. That means that the whole defense chain is validated against a targeted attack coming from the outside, which brings out all vulnerabilities both in Privilege Escalation prevention within the domain and in data exfiltration protection.

How does our software for BAS work?

ZAIUX® Evo makes it possible, for the first time, to perform a complete and realistic simulation of an intrusion in a MS Active Directory environment with an intelligent solution, exploiting a regularly updated range of the most modern and advanced hacking techniques, run in stealth mode to emulate a human approach. Automation is managed by the DPZR™ engine that includes Machine Learning algorithms specially developed by our team of experts to emulate human intelligence, breaking down the time barrier of manual execution.

Through Artificial Intelligence the adaptive algorithms, which we developed, shape the system’s response according to the attack surfaces emerging from the scans, all in a fully automated way.

ZAIUX® Evo is an intelligent Full Cloud platform which generates, for each assessment, an isolate sandbox, associated with an initialization package which can be directly executed from any endpoint of the target network, without installing any agent.

ZAIUX® Evo executes sophisticated attack techniques, among which:

  • EDR/XDR Evasion out-of-the-box
    • Dynamic SSN Resolution on the fly
    • Indirect System Calls
    • Unhook EDR Userland Hooks
    • Regularly updated custom Loaders & Implants
    • Sleep Obfuscation
    • Thread Stack Spoofing
    • Patchless AMSI & ETW Evasion via Hardware-Breakpoints
  • C2 communication via HTTPS + SMB Pivoting
  • Lateral Movement
  • Privilege Escalation
  • In-Process .NET Assembly execution
  • Active Directory misconfiguration leveraging

How Artificial Intelligence is used with ZAIUX®Evo

The effectiveness of a Breach & Attack Simulation depends not only on the employed hacking techniques, but also on the ability to combine them in a realistic scenario.

Dynamic Analysis

Thanks to our proprietary Machine Learning models, integrated into the DPZR engine, ZAIUX® Evo learns in real time the behavioral patterns of the users in the network and performs attacks using an ad-hoc approach, just like a human ethical hacker.

Planning

Using optimization and heuristic search technique allows ZAIUX® Evo to autonomously manage and run context-based attacks, faster than manual execution and with the same effectiveness.

A unique and brilliant solution for Cybersecurity

Many are the reasons why ZAIUX® Evo is the must-have solution for your infrastructure.

Ease of use

ZAIUX® Evo is a cloud-based solution, managed by a MSSP portal: you just have to configurate a customized simulation in the Web interface and to launch the First Stage package in the target network. Afterwards, you will be able to monitor the execution from the dashboard and to receive a detailed report, without installing any agents on the endpoints or create exclusion rules in firewalls or other defense systems.

A Virtual Red Team at your service

ZAIUX® Evo is a cloud-based solution, managed by a MSSP portal: you just have to configurate a customized simulation in the Web interface and to launch the First Stage package in the target network. Afterwards, you will be able to monitor the execution from the dashboard and to receive a detailed report, without installing any agents on the endpoints or create exclusion rules in firewalls or other defense systems.

No false positives

Unlike a Vulnerability Assessment or a Penetration Test, a BAS executed by ZAIUX® Evo highlights those weaknesses that could concretely be exploited by an experienced attacker. All this makes it possible to prioritize corrective measures through an ad-hoc generated Remediation Plan.

Clear and optimized reporting

The generated reporting includes, step-by-step and in chronological order, all successfully performed attacks, and highlights the affected targets, the impacted credentials and all information gained from the attack. The Remediation Plan in based on the MITRE ATT&CK® framework, thanks to which the attack features and the possible countermeasures to mitigate risks are explained.

Find out more about ZAIUX

Do you want more information about ZAIUX®Evo?
Fill out the form, we will reply as soon as possible.

Please, insert a valid name
Please, insert a valid surname
Please, insert a valid Email
Emails do not match
Please, insert a valid Company name
Please select one
Please, insert a message