Attack Simulation

Validate your defenses by safely rehearsing real attack techniques against targets you own. Every simulation is fenced by Scope Guard — it refuses to run unless the target is on your authorized list.

Category: Offensive (authorized)
Powered by: Scope Guard + module engine
Edition: Pro
Where: Desktop → Attack Simulation tab

What it does

Attack Simulation runs controlled versions of common techniques so you can confirm whether your detection and response actually fire. Available drills include:

  • Brute-force — repeated login attempts to test lockout/rate-limit and alerting.
  • Directory fuzzing — probe for exposed paths to test WAF/monitoring.
  • DoS (bounded) — a controlled load test to observe resilience and alarms.
  • MITM — a man-in-the-middle scenario to validate transport hardening.
  • Privilege-escalation checks — look for local misconfigurations attackers abuse.

Scope Guard gates everything. A simulation will not start unless its target is explicitly marked authorized in your scope. This is the guardrail that keeps drills legal and contained.

How to use it

1. Authorize the target
   Add the host/range to your scope and mark it authorized. Out-of-scope targets are rejected.

2. Pick a simulation
   Choose the technique to rehearse and set its (conservative) parameters.

       Simulation:  brute-force
       Target:      app.internal.lan   (must be authorized in scope)
       Confirmed:   yes                (explicit go-ahead required)

3. Run & watch your defenses
   Launch the drill and confirm your Fleet/SecOps pipeline raises the expected alerts and (if enabled) responses.

4. Review
   Use the result to close detection gaps — if a drill went unnoticed, that is the finding.

Modes & options

  • Catalog — list the available simulations and their parameters.
  • Confirmation — destructive-leaning drills require an explicit confirm flag.
  • Scope-bound — every run is checked against your authorized targets.
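
The scope-bound and confirmation checks described above can be pictured as a default-deny gate. The sketch below is an added example, not the product's own code: the names `ScopeEntry`, `check_run`, `NEEDS_CONFIRM` and `SCOPE`, the matching rules, and which drills count as destructive-leaning are all assumptions, and every sample scope entry other than `app.internal.lan` is constructed.

```python
import ipaddress
from dataclasses import dataclass

# Assumption: which drills count as "destructive-leaning" (the page does not list them).
NEEDS_CONFIRM = {"brute-force", "dos"}

@dataclass(frozen=True)
class ScopeEntry:
    target: str       # hostname, single IP, or CIDR range
    authorized: bool  # being listed is not enough; it must be marked authorized

def _covers(entry: ScopeEntry, target: str) -> bool:
    """True if this scope entry covers the requested target."""
    try:
        addr = ipaddress.ip_address(target)
    except ValueError:
        # Hostname: exact, case-insensitive match only (no wildcard or suffix match).
        return entry.target.lower().rstrip(".") == target.lower().rstrip(".")
    try:
        return addr in ipaddress.ip_network(entry.target, strict=False)
    except ValueError:
        return False  # entry is a hostname; an IP target never matches it

def check_run(scope, simulation, target, confirmed=False):
    """Return (allowed, reason). Anything not explicitly permitted is denied."""
    target = target.strip()
    matches = [e for e in scope if _covers(e, target)]
    if not matches:
        return False, "target not in scope"
    # A more specific unauthorized entry overrides a broader authorized range.
    if not all(e.authorized for e in matches):
        return False, "target in scope but not authorized"
    if simulation in NEEDS_CONFIRM and not confirmed:
        return False, "explicit confirmation required"
    return True, "ok"

# Constructed sample scope for illustration.
SCOPE = [
    ScopeEntry("app.internal.lan", True),
    ScopeEntry("10.0.5.0/24", True),
    ScopeEntry("10.0.5.200", False),
    ScopeEntry("legacy.internal.lan", False),
]

if __name__ == "__main__":
    for sim, tgt, ok in [("brute-force", "app.internal.lan", True),
                         ("brute-force", "app.internal.lan", False),
                         ("directory-fuzzing", "10.0.5.200", False),
                         ("dos", "10.0.6.1", True)]:
        print(sim, tgt, ok, "->", check_run(SCOPE, sim, tgt, confirmed=ok))
```

Hostnames are compared as written and never resolved, so a DNS change cannot move a drill onto an address outside the listed scope.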

What you get

A run summary plus the alerts/events your defenses produced (or failed to). Pair it with the Fleet dashboard to verify detection and the SOAR playbooks to verify response.

Tips

  • Run drills in a maintenance window and tell your team — the goal is to test detection, not surprise it.
  • Start with the smallest parameters; increase only as needed.
  • Use it to prove SOAR playbooks work before relying on automated response.

Authorized use only. Attack Simulation is for ethical, authorized testing of systems you own or are permitted to assess. Scope Guard enforces this, but you remain responsible: never target third-party systems, and keep DoS-style drills bounded and approved.