Email & web security tools are everywhere, but how do you prove their effectiveness?
delivr.to does 3 things:
Pick from a selection of hand-crafted campaigns...
Emulates the tradecraft seen in real-world, email-based attacks i.e. NOBELIUM's use of DLL-launching LNKs packed into ISOs.
Evasion techniques such as VBA Stomping, analysis resistance measures, and alternative execution methods.
Payloads using HTML smuggling to hide executable content, i.e. .exe and .ps1 inside HTML files.
A broad range of file types, all benign, giving you an idea of which formats can reach your mailbox.
VBA macros from @S3cur3Th1sSh1t's open-source OffensiveVBA collection.
File types that can be used to deliver content that might otherwise be blocked i.e. ISOs, Zip, RAR and 7zip files.
Or send a single payload containing the latest threat intelligence sample.
A HTML file that smuggles an ISO containing an LNK, DLL and decoy PDF file. View details.
A fake Zoom client installer page, originally used to deliver IcedId malware. Downloads a benign message-box spawning executable. View details.
IcedID zipped ISO containing an LNK and a folder with a combination of BAT, JS, and DLL files. View details.
Hear what our clients have to say.
I think it’s one of the most powerful tools I’ve used. It’s allowed me to make a huge improvement [...] by allowing the testing of 100s of payloads across both links and attachments. I can’t recommend this tool enough.
delivr.to showed me exactly what could reach my users, and meant I could block a whole host of file types straight off the bat, a massive win with minimal effort.
From HTML smuggling to VBA macros, the breadth of payloads available in delivr.to is amazing. It gives me quick access to test recreated malware samples and emerging threats.
I think it’s one of the most powerful tools I’ve used. It’s allowed me to make a huge improvement [...] by allowing the testing of 100s of payloads across both links and attachments. I can’t recommend this tool enough.
delivr.to showed me exactly what could reach my users, and meant I could block a whole host of file types straight off the bat, a huge quick win when there is no dedicated security team.
I think it’s one of the most powerful tools I’ve used. It’s allowed me to make a huge improvement [...] by allowing the testing of 100s of payloads across both links and attachments. I can’t recommend this tool enough.
delivr.to showed me exactly what could reach my users, and meant I could block a whole host of file types straight off the bat, a massive win with minimal effort.
From HTML smuggling to VBA macros, the breadth of payloads available in delivr.to is amazing. It gives me quick access to test recreated malware samples and emerging threats.
See who is behind delivr.to.
3 easy steps to testing your organisation's email security controls.
Send yourself payloads ranging from:
Optionally integrate delivr.to with your O365/GSuite account and let it determine what was delivered. It'll even check the attachment to make sure it hasn't been stripped by your mail filters.
Produce rich and engaging graphics to help you measure improvement and communicate the findings.
Best for individuals who want the full power of delivr.to, without the Enterprise extras. Free for 30 days and no credit card required.
Campaign scheduling
Schedule a campaign to be sent at a point in time up to 30 days in the future.
2 validated email addresses
To prevent spam, delivr.to customers may only send email to addresses that they own. With premium, you are able to send campaigns to both the email that you register with, plus 1 other validated address, for example your organisations test account.
Results visualisation
Display the results of a campaign in various different graphical formats for easy inclusion in executive updates, and to demonstrate ROI.
Security tool integration
For those with bespoke requirements that need tailored onboarding and support, licensed on a per-seat basis. Best for those looking to automate and integrate the power of delivr.to into their Enterprise security operations stack.
Fully-customised payloads (Coming Soon)
Environment keying, custom shellcode, payloads as a service etc.
Custom SSO Integration
Integration with Okta and other SAML-based SSO providers.
Completed segregated VPC and infrastructure so that your data is as safe as it can be.
Audit logging & API access
Full immutable audit log of organisation-wide activity, and direct access to the delivr.to APIs for integration with SOAR and other 3rd party tools.
Team collaboration
Collaborate with others members of your organisation and share campaign results.
Customisable campaigns (Coming Soon)
Go beyond the default set of campaigns and build your own campaigns to emulate the threats you care about.
Let us help you find the best solution.
Contact sales© delivr.to All Rights Reserved | Legal | Privacy Policy