Lucy comes with a comprehensive collection of more than 500 attack simulation templates covering various types of attacks. The templates range from straightforward exercises featuring clear spelling mistakes to more intricate simulations involving complex double barrel and file-based attacks. Designed to mimic both real-world scenarios from known brands and hypothetical situations.
Attack Template Variations
This type of simulation targets users' ability to recognize malicious links. It involves crafting emails or messages that include hyperlinks leading to unsafe websites.
The goal is to educate users on the dangers of clicking on unknown links and to improve their ability to identify suspicious or malicious hyperlinks.
The attack is deemed successful the moment a user clicks on a hyperlink contained within the simulated email.
This simulation exposes users to scenarios where attackers use compromised or malicious websites to gain access to sensitive information or to infect users' systems with malware.
It teaches users to navigate the web more securely, emphasizing the importance of verifying the legitimacy of websites and the risks of entering personal information into untrusted web pages.
The attack is deemed successful the moment a user enters data on a simulated website landing page.
In this attack type, users are presented with files that appear benign but contain malicious payloads.
These files come in various formats, such as Excel/Word Macros, PDFs, SVG or executables, and are typically distributed via email attachments or landing page downloads.
The objective is to train users to be wary of opening or downloading files from unverified sources and to recognize signs of potentially malicious files.
The attack is deemed successful the moment a user either downloads the file or executes the payload.
Mixed attacks involve a sequence where an email prompts a user to log into a fake portal for credential harvesting.
The user then downloads and executes a file, often containing ransomware, as the final success phase of the attack. This simulation trains users to recognize and mitigate multi-step cyber threats, emphasizing the critical need for cautious interaction with emails and websites, and the importance of verifying sources before downloading and executing files.
The attack is considered successful when the user executes the ransomware payload.
This attack type involves the use of physical media devices, such as USB drives or Rubber Ducky's, that are infected with malware.
It aims to educate users about the risks associated with connecting unknown or unsolicited portable media to their devices.
The focus is on raising awareness of the potential for these devices to bypass network security measures and directly introduce malware into systems.
The attack is deemed successful the moment a user either runs an executable from a USB or inserts a Rubber Ducky with the potential to act as a keylogger.
Attack Template Directory Navigation
Accessing Templates -> Attack Templates displays all the attack templates available on your current server. You can view your installed templates as well as browse for templates to download.
Filtering
With Lucy's extensive template repository, using filters is advantageous to identify which templates are automatically translated into your preferred languages, relevance to your target audiences, category, or difficulty level.
The language filter displays all templates available in the chosen languages. Initially, only a subset of 10 languages is shown by default.
To locate languages not listed, utilize the language search bar.
The type filter enables you to categorize and view all attacks by their predefined attack type. For instance, selecting the filter for Hyperlink attacks will display all the templates associated with this specific type of attack.
For comprehensive instructions on Attack Types, please refer to our guide titled "Attack Types"
The target audience filter helps you find all attack templates relevant to the specific group within your organization you are aiming to train or evaluate. Some attacks are tailor-made for technical staff like developers or system administrators, while others are suited for corporate users, including C-level executives.
The category filter helps you refine your search to attack templates based on their fundamental attack objective. For instance, choosing Social Media as a category will show all templates related to platforms such as Facebook, Twitter, WhatsApp, and others.
The difficulty filter organizes attack templates by their perceived complexity. For instance, templates featuring intentional spelling mistakes and minor branding alterations might be classified as "Low Level," indicating they are easier to identify by the end user. Conversely, templates that include nearly identical landing pages designed to mimic legitimate entities, such as Microsoft, are categorized as "High Level," reflecting their greater challenge in detection.
By default, templates are not assigned a Difficulty level since this classification can be subjective and dependent on the security posture of the organization in question. Manual classification is required during the template editing process to reflect an organization's specific security considerations.
Search, Actions, and Sorting
The upper bar in the template directory offers functionalities such as search, the ability to perform actions specific to templates, and options to sort the displayed results.
The Search bar functions as a global search tool, allowing you to retrieve all templates that match your specified keywords.
Copy: Duplicate the selected template within the directory.
Restore: Import a previous Backup template.
Backup: Create a save point for the selected template to preserve its current state as a downloadable backup.
Delete: Permanently remove the selected template from the directory.
By default, templates are sorted from newest to oldest. However, you can choose to sort them alphabetically, by the date they were added, or by the date they were last customized.
This display toggle allows you to switch between viewing the template results as tiles or in a list format.
Tiles:
List:
Starting in Lucy version 5.1 you may select your favorite templates and use the "Starred" filter option to view them:
