Technology Assessment
Analytical capabilities with vulnerability detection and client security testing – Run your own hack attack without doing harm! Find out if your IT infrastructure is secure. Discover possible vulnerabilities and go even further with LUCY than you can with any other tool to realize just how far an intruder could likewise go. LUCY contains custom client vulnerability detection routines developed and used by our own penetration testers countless times. Client security testing is used to determine the posture of browsers installed in the organization. It checks if there are hooks, which can be used by attackers, and determines to what degree they could be exploited. All these actions are monitored by the SysAdmin. Regular users do not have access to these features and no data is transmitted anywhere if you do not want it to be.
Active technology assessment through Malware Simulation, Client Security Testing and the Penetration Test Kit – It is difficult to think and to act like a hacker when you are not used to it. Most malicious exploits either have their roots in a simple, easily identifiable misconfiguration of clients, e.g. PCs, or in the creativity of the intruder. LUCY’s Malware Simulation goes through a long list of client configuration items and checks if they are set correctly. Unlike the Malware Simulation, which tries to harvest low-hanging fruit, the Penetration Test Kit allows users to simulate highly sophisticated and complex threat scenarios. It can thus be assessed to what extent attacks like the Sony Hack or the Carbanak APT Case would be possible.
Dropper functionality for senior assessors – Experts often stress a special area of IT security: the possibility of deploying and executing malicious code within the internal secured network. All real attacks possess three main phases in common. The first step introduces malicious code into the network. Next, the code executes in a manner that goes unnoticed. The final step retrieves the captured data from the network. LUCY provides dedicated dropper functionality in order to assess how and to what extent the code can be introduced into the organization and executed. In order to ensure the safety of this solution, only exclusive LUCY executables are, or can be, used.