ZAIUX™: the only AI automated Pentest

An intelligent solution that, thanks to our DPZR™ engine, continuously verifies the resilience of IT infrastructures against internal threats and generates Remediation Plans referring to the MITRE ATT&CK® framework, thus reducing execution time by more than 50% compared to a traditional Penetration Test.

ZAIUX offers a sophisticated Internal Penetration Test for infrastructures, concretely employing Artificial Intelligence and Machine Learning for unsupervised learning and resources allocation based on mathematical optimization to execute automated hacking processes. Creation and automation of Jobs, Lateral Movement, Privilege Escalation, Machine Learning for behavioral analysis and attack planning, Cloud Hashcracking, Reporting and Remediation Plan are but some of the main features of this software.

How does it work?

ZAIUX makes it possible, for the first time, to perform a complete Internal Penetration Test in a Microsoft Active Directory environment with a “thinking” software, exploiting an always up-to-date range of the most modern and advanced hacking techniques, executed in stealth mode emulating a human approach. Automation is managed by the DPZR™ engine that includes Machine Learning algorithms specially conceived by our expert team to emulate human intelligence, breaking the time barrier of manual execution.

Thanks to Artificial Intelligence our adaptive algorithms shape the response of the system depending on the attack surfaces that emerge from scans, all in a continuous and automated fashion.

ZAIUX consists of a VM and a Cloud platform that exchanges anonymized information with the DPZR™ engine to plan the necessary actions for the Penetration Test execution, without the need to install any agent on the end-points.

ZAIUX executes the most sophisticated attack techniques, among which:

  • Lateral Movement
  • Privilege Escalation
  • Hash Dumping
  • AD Exploitation through AD Object Misconfigurations and Delegation
  • Remote Code Execution via Microsoft native protocols
  • HIPS & AVs bypass
  • Pass-the-Hash
  • Pass-the-Ticket
  • SMB Relay & LLMNR Poisoning
  • Cloud Hashcracking
  • Password Spraying

How we use Artificial Intelligence with ZAIUX™

The effectiveness of a Penetration Test depends not only on the hacking techniques used, but also on the ability to perform them at the right time.

Behavioral analysis

Thanks to the proprietary Machine Learning models integrated into the DPZR™ engine, ZAIUX™ learns in real time the behavior of the network and carries out the attacks with an ad-hoc approach, as a human ethical hacker would.

Planning

The use of optimization and heuristic search techniques allows ZAIUX™ to autonomously orchestrate attacks depending on the context, overcoming the manual approach in terms of efficiency without sacrificing effectiveness.

A unique and essential solution

There are many reasons that make ZAIUX the most suitable solution for your infrastructure.

Ease of use

ZAIUX is distributed as an out-of-the-box Linux VM. You only need to connect to its web interface to start the execution of an Internal Penetration Test and get a detailed report with just a few clicks, without the need to install any agent on the end-points.

A Virtual Red Team at your service

The DPZR™ engine allows ZAIUX to run many parallel and orchestrated attack techniques, detecting and exploiting vulnerabilities in the target network, improving execution time by up to 50% compared to a manual Penetration Test.

No false positives

Unlike a Vulnerability Assessment, an Internal Penetration Test performed by ZAIUX highlights critical issues which could concretely be exploited by an attacker, prioritizing in this way corrective actions with an ad-hoc generated Remediation Plan.

Clear and optimized reporting

The report generated by ZAIUX shows successful attacks in a step-by-step, chronological order, pointing out affected targets, impacted credentials and all information gathered by an attack. The Remediation Plan is based on the MITRE ATT&CK® framework, thus explaining attack features and possible countermeasures in order to mitigate risk.

The limits of the old Penetration Test paradigm

Penetration Test (PT) is an operational process of security analysis in an IT network, in which weaknesses are brought out and exploited to execute real attacks on corporate assets. The aim is, with an ethical attitude, to acquire as much information as possible on the vulnerabilities which can be exploited by possible attackers to gain real access to the network. Generally, a PT is manually carried out by professionals with particular and rare skills, better if supported by appropriate Professional Certifications. It is also necessary to trust these professionals, which must guarantee an ethical spirit even before a professional one.

Another limitation of manual PT activity is the constant race against time: an attack simulation can last even several weeks, depending on the size of the target infrastructures. That is why companies do not often perform this kind of activity, thereby giving up the opportunity of a pre-emptive approach to Cybersecurity. ZAIUX is conceived to overcome these limits, enabling the access to high Cybersecurity standards for every company, as required by art. 32 of the GDPR regulation (EU) n. 2016/679, where technical and organizational measures for the security of data processing are specified (art. 1, letter a-d).

Credits

Website design and development:
EVO STUDIOS – BRESCIA