Validate your email and web security.

Email & web security tools are everywhere, but how do you prove their effectiveness?

delivr.to does 3 things:

  • Hosts a repository of 500+ payloads, inc. the latest threat intelligence samples
  • Tests your email security tools to show what attachments & links would reach your inbox
  • Tests your web filters to show what downloads would reach your desktop (Coming soon)

Campaigns

Pick from a selection of hand-crafted campaigns...

Threat Intelligence

Emulates the tradecraft seen in real-world, email-based attacks i.e. NOBELIUM's use of DLL-launching LNKs packed into ISOs.

How we can help you

Defence Evasion

Evasion techniques such as VBA Stomping, analysis resistance measures, and alternative execution methods.

How we can help you

HTML Smuggling

Payloads using HTML smuggling to hide executable content, i.e. .exe and .ps1 inside HTML files.

How we can help you

File Types

A broad range of file types, all benign, giving you an idea of which formats can reach your mailbox.

How we can help you

OffensiveVBA

VBA macros from @S3cur3Th1sSh1t's open-source OffensiveVBA collection.

How we can help you

Containers

File types that can be used to deliver content that might otherwise be blocked i.e. ISOs, Zip, RAR and 7zip files.

How we can help you

Payloads

Or send a single payload containing the latest threat intelligence sample.

Nobelium

A HTML file that smuggles an ISO containing an LNK, DLL and decoy PDF file. View details.

How we can help you

Zoom Installer

A fake Zoom client installer page, originally used to deliver IcedId malware. Downloads a benign message-box spawning executable. View details.

How we can help you

IcedID

IcedID zipped ISO containing an LNK and a folder with a combination of BAT, JS, and DLL files. View details.

How we can help you

Testimonials

Hear what our clients have to say.

I think it’s one of the most powerful tools I’ve used. It’s allowed me to make a huge improvement [...] by allowing the testing of 100s of payloads across both links and attachments. I can’t recommend this tool enough.

Steve Townsley
Head of Information Security

delivr.to showed me exactly what could reach my users, and meant I could block a whole host of file types straight off the bat, a massive win with minimal effort.

Morgan Sadr-Hashemi
Chief Product & Technology Officer

From HTML smuggling to VBA macros, the breadth of payloads available in delivr.to is amazing. It gives me quick access to test recreated malware samples and emerging threats.

Riccardo Ancarani
Principal Security Consultant

I think it’s one of the most powerful tools I’ve used. It’s allowed me to make a huge improvement [...] by allowing the testing of 100s of payloads across both links and attachments. I can’t recommend this tool enough.

Steve Townsley
Head of Information Security

delivr.to showed me exactly what could reach my users, and meant I could block a whole host of file types straight off the bat, a huge quick win when there is no dedicated security team.

Morgan Sadr-Hashemi
Chief Product & Technology Officer

I think it’s one of the most powerful tools I’ve used. It’s allowed me to make a huge improvement [...] by allowing the testing of 100s of payloads across both links and attachments. I can’t recommend this tool enough.

Steve Townsley
Head of Information Security

delivr.to showed me exactly what could reach my users, and meant I could block a whole host of file types straight off the bat, a massive win with minimal effort.

Morgan Sadr-Hashemi
Chief Product & Technology Officer

From HTML smuggling to VBA macros, the breadth of payloads available in delivr.to is amazing. It gives me quick access to test recreated malware samples and emerging threats.

Riccardo Ancarani
Principal Security Consultant

Meet the Team

See who is behind delivr.to.

James Coote
Co-founder

James has a decade of experience delivering attack simulation and purple teaming services, and has spoken on the topic at conferences such as Blackhat, Defcon & TROOPERS. He was also a member of the UK Armed Force's Joint Cyber Unit.

Alfie Champion
Co-founder

Alfie specialises in delivering attack detection and adversary emulation services. He works with organisations to uplift and validate their detective capability through red or purple team engagements, and has spoken at BlackHat, RSA and Blue Team Con.

How it works

3 easy steps to testing your organisation's email security controls.

Pick your payloads

Send yourself payloads ranging from:

  • 100+ benign file types
  • Macro-enabled Office documents
  • The latest threat-intel examples
01
02

Send your campaign

Optionally integrate delivr.to with your O365/GSuite account and let it determine what was delivered. It'll even check the attachment to make sure it hasn't been stripped by your mail filters.

Visualise the results

Produce rich and engaging graphics to help you measure improvement and communicate the findings.

03

Pricing

Premium

Best for individuals who want the full power of delivr.to, without the Enterprise extras. Free for 30 days and no credit card required.

FREE 🔥
(for 30 days, then £99/month)

Start Trial
  • Unlimited campaigns
  • All payloads
  • 2000 emails per day

Enterprise

For those with bespoke requirements that need tailored onboarding and support, licensed on a per-seat basis. Best for those looking to automate and integrate the power of delivr.to into their Enterprise security operations stack.

Contact Sales
  • Unlimited*
500+
Available payloads
100+
File types
800+
Campaigns sent
18k
Emails sent

Not sure which plan is right for you?

Let us help you find the best solution.

Contact sales