FAQ
What is the Nday AttackN platform?
Our continuous bug-hunting platform, known as AttackN, combines AI-powered scans with human expertise. Our operation runs cyclical, uncovering web application flaws missed by other tools. It checks default/weak passwords on all applications and scans for traditional network service flaws, ensuring comprehensive coverage and proactive defense against potential threats. Our human operators triage and validate the findings using a real-time dashboard. We use multiple overlapping tools for complete coverage, ensuring a proactive and robust defense strategy against potential threats. This approach keeps us ahead in the ever-evolving cybersecurity landscape, effectively safeguarding your systems and data.
What is the Nday PhishN and SmishN platform?
Our platform operates as a fully automated end-user phishing service that diligently engages in targeted campaigns for the duration of seven calendar days upon purchase. It is important to emphasize that each campaign will encompass the exact quantity of emails specified during the purchase process. Should additional emails be provided, the file will be adjusted accordingly to align with the purchased quantity.
How do you safe guard against misuse?
To ensure the utmost effectiveness and adherence to our stringent security measures, we kindly request that the purchasing email address align with the domain of the target emails offered. Any deviations in this regard will result in the rejection of the order, without necessitating further communication. It is crucial to note that our platform strictly prohibits any usage for malicious activities. Should you require any special considerations or have specific requirements, we encourage you to reach out to us prior to purchasing a package.
What data do you need for a campaign, and why?
It is imperative that you provide a CSV file containing the email addresses, first names, last names, and departments of the intended targets. These attributes are vital for facilitating the phishing process and generating comprehensive reports. Failure to provide the aforementioned attributes may result in a diminished user experience and a less comprehensive report.
What are the BEC deliverables and how will I get them?
Upon completion of the campaign, a proprietary Phishing Insight Report (PIR) will be generated in HTML format. A link to access the report will be sent to the email address provided during the purchase. It is important to bear in mind that the report will be available for a duration of thirty days from the conclusion of the campaign. If historical access is desired, we recommend saving the file locally for future reference.
What are the BAC deliverables and how will I get them?
Upon completion of the campaign, a proprietary Smishing Insight Report (SIR) will be generated in HTML format. A link to access the report will be sent to the email address provided during the purchase. It is important to bear in mind that the report will be available for a duration of thirty days from the conclusion of the campaign. If historical access is desired, we recommend saving the file locally for future reference.
What are the pentesting deliverables and how will I get them?
Upon completion of a pentestion test, a detailed report will be generated in PDF format. A link to access the report will be sent to the email address provided during the purchase. It is important to bear in mind that the report will be available for a duration of thirty days from the conclusion of project. If historical access is desired, we recommend saving the file locally for future reference.
How can I see an example of the included security awareness training?
Our training program aims to provide comprehensive education on electronic social engineering, specifically phishing attacks. It begins by defining the who, what, how, and why of phishing, ensuring personnel have a solid understanding of the subject.
The training emphasizes the importance of recognizing the characteristics and red flags of phishing emails. Participants learn to scrutinize sender email addresses, identify suspicious links, pay attention to grammar mistakes, and be cautious of scare or pressure tactics commonly used in phishing attacks.
We cover suggested actions and steps to take when faced with the daily decisions of which emails to interact with and which to avoid. This includes verifying suspicious links before clicking on them, being vigilant in recognizing and avoiding suspicious email attachments, and being cautious of fake websites that request sensitive information.
By providing personnel with the knowledge and tools to identify and combat phishing attacks, our training empowers them to make informed decisions and protect sensitive information.