BreachSim Guide

BreachSim is a data exfiltration simulator. Once installed, it attempts to send test files to KnowBe4’s remote servers using techniques similar to an actual malware attack. If the tool exfiltrates the files, it indicates that a similar malware attack on your computer could also be successful.

By default, BreachSim will attempt to exfiltrate the test files across the following protocols and ports:

  • HTTP:80
  • HTTPS:443
  • ICMP
  • DNS:53

Once the exfiltration test has been completed, you’ll be able to see the files that were successfully exfiltrated along with any files that were blocked by your security software. Your BreachSim results can help identify potential vulnerabilities in your existing security setup.

Read the sections below to learn how to install and launch BreachSim and view your results.

Note: For accurate results, we recommend installing BreachSim on a computer that uses the same programs and security software as your users’ computers.

Prerequisites

To install and launch BreachSim, you will need to meet the requirements listed below:

  • 64-bit Microsoft Windows 10 or later
  • Windows Server 2016 or later

Installing BreachSim

Once you’ve verified that your computer meets the requirements in the Prerequisites section above, you are ready to install BreachSim.

To install BreachSim, follow the steps below:

  1. Navigate to our BreachSim page. Complete the sign-up form and click Sign Up.
  2. On the following page, click Get Started to download the BreachSim installation file.
  3. You’ll be sent an email containing your BreachSim license key. Check your email to retrieve the license key, which you’ll need to use during the setup process.

Launching BreachSim

To launch BreachSim, follow the steps below:

  1. Open the BreachSimSetup.exe installation file.
  2. When asked if you would like to allow the app to make changes to your device, click Yes.
  3. Next, you’ll need to acknowledge the license agreement by selecting the check box and clicking Install.
  4. BreachSim will begin installing. Once the installation is complete, you’ll be prompted to enter the license key that you received by email in Step 2 of the Installing BreachSim section above.
  5. In the Welcome to KnowBe4 BreachSim window, click the Start Test button. When you click this button, BreachSim will attempt to exfiltrate data from your machine using various ports, protocols, and file types.
  6. You can view the test’s exfiltration progress in the KnowBe4 BreachSim window.
  7. Once the exfiltration test is completed, your results will be displayed in the KnowBe4 BreachSim window. To learn more about your results, see the list below.
      • File name: This column shows the name and file type of the test file.
      • Exfiltration Status: This column shows the status of the exfiltration process. This column will display either the In Progress, Exfiltrated, or Not Exfiltrated status.
      • Protocol: This column shows the protocol that was used during the exfiltration test.
      • Duration (sec): This column shows the amount of time spent (in seconds) during the exfiltration testing of this file.
      • MD5 File Hash: This column displays the MD5 hash of the test file, calculated on KnowBe4’s servers after the file was successfully exfiltrated.
      • File Size (bytes): This column shows the size of the test file that was exfiltrated. If the file was successfully received, the file size is recalculated on KnowBe4’s servers so that you can verify that the file sizes are equivalent.
      • Remote URL: This column displays the URL where the test files are temporarily saved on our servers. This column will only appear if you have selected the check box to temporarily save a copy of your test files on KnowBe4’s servers. For more information on this setting, see the Customization section below.
  8. You have the option to export your results to an Excel file or a PDF file by clicking Export to Excel or Export to PDF. Additionally, you can click Open Source Folder to display the folder where the test files are stored. You can optionally add more files into this folder for testing, as shown in our Customization section below.

Customization

If you would like to customize the protocols used during the exfiltration test, click the gear icon in the top-right corner of the BreachSim home screen. On the Settings screen, you can select the check boxes next to the protocols you would like to test. Additionally, you can select the Temporarily store test files and provide download links check box if you would like to save temporary copies of the files on our test servers so that you can download them later. Click Apply Changes to save your selections.

Note: If you have selected the option to temporarily save test files on KnowBe4’s servers, any custom test files you provide will be saved for up to one hour.

During installation, BreachSim creates a folder with eight default test files. If you would like to add more test files for exfiltration, you can click Open Source Folder on the BreachSim home screen. This action will open the folder where you can add additional test files. You can also manually add files to the test folder by using the following file path:

C:\Program Files\KnowBe4\BreachSim\TestFiles

You can add up to 10 test files totaling up to 10 MB in size. BreachSim is compatible with most file formats except for scripts, executable files, binary files, or other file types that can be used to run programs.
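
To compare the MD5 File Hash and File Size (bytes) columns in your results with the files actually on disk, you can hash the test folder locally. The script below is an added example and is not KnowBe4 code; the list of runnable extensions is an assumption, because this guide does not enumerate the file types BreachSim rejects.

```powershell
# Added example, not KnowBe4 code. Builds a local manifest of the BreachSim
# test files so each row can be compared with the "MD5 File Hash" and
# "File Size (bytes)" columns that BreachSim reports from the server side.
param(
    # Folder path as given in this guide.
    [string]$TestFolder = 'C:\Program Files\KnowBe4\BreachSim\TestFiles'
)

# Assumption: a sample of extensions treated as scripts or executables.
# The guide does not publish the exact list of unsupported types.
$RunnableExtensions = '.exe', '.dll', '.bat', '.cmd', '.ps1', '.vbs', '.js', '.msi'

if (-not (Test-Path -LiteralPath $TestFolder -PathType Container)) {
    throw "Test folder not found: $TestFolder"
}

# One record per test file: name, size in bytes, MD5, and a runnable-type flag.
$manifest = @(Get-ChildItem -LiteralPath $TestFolder -File | ForEach-Object {
    [pscustomobject]@{
        FileName  = $_.Name
        SizeBytes = $_.Length
        MD5       = (Get-FileHash -LiteralPath $_.FullName -Algorithm MD5).Hash
        Runnable  = $RunnableExtensions -contains $_.Extension.ToLowerInvariant()
    }
})

if ($manifest.Count -eq 0) {
    Write-Warning "No files found in $TestFolder"
    return
}

$manifest | Sort-Object FileName | Format-Table -AutoSize

# Totals, for checking against the file-count and size limits stated above.
$totalBytes = ($manifest | Measure-Object -Property SizeBytes -Sum).Sum
Write-Output ("{0} files, {1:N0} bytes in total" -f $manifest.Count, $totalBytes)

# Flag files whose type the guide says BreachSim is not compatible with.
$manifest | Where-Object { $_.Runnable } | ForEach-Object {
    Write-Warning "$($_.FileName) has a runnable file type, which BreachSim does not support."
}
```

Get-FileHash prints hashes in uppercase hexadecimal, so compare them with the MD5 File Hash column without regard to letter case. A file marked Exfiltrated whose server-side hash and size match the local values arrived intact.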
