Gain Visibility Beyond the Breach

Request a Demo See the Solution Brief

How SafeBreach Propagate Works

Initial Reconnaissance

Credential Harvesting

Credential Validation

Subnet Scanning

Attack Execution

Reporting & Remediation

Initial Reconnaissance

When the tool is launched, data on patient zero is collected, including a list of installed browsers and EDRs, password managers, OS configuration details, account lockout policies, installed security updates, and user accounts.

Learn More
Credential Harvesting

Credential harvesting attacks are executed that target OS operations (e.g., targeting registry, memory dump), password managers, and browser storage to discover gaps in areas where sensitive data may be stored.

Learn More
Credential Validation

Collected credentials are verified to ensure they can provide access without triggering any lockout mechanisms. Domain hashes and plain-text passwords (domain and local) are verified to ensure their validity.

Learn More
Subnet Scanning

The local Class C subnet is scanned for open ports and services to identify a potential point of entry for lateral movement.

Learn More
Attack Execution

Several attacks are executed to gain access to a target via lateral movement. These attacks include RCE via PAExec, Pass the Hash, WMI lateral movement, WinRM lateral movement, RCE via Invoke Command (WinRM), RCE via RDP, and RCE using PAExec and SSPI.

Learn More
Reporting & Remediation

A structured report that highlights identified gaps along with actionable recommendations is available to make mitigation decisions.

Learn More

Why Choose SafeBreach Propagate?

Safety, Scalability & Support

SafeBreach products are designed to meet the stringent safety and privacy requirements of the world’s most mature enterprise security teams. They’re also backed by an award-winning customer success team.

Double your ROI with the ability to access two powerful technologies Validate and Propagate using the same simulator infrastructure and the same management console.

Propagate is backed by a world-renowned threat research team that continuously updates the SafeBreach platform with newly discovered attacks.

Leverage structured reports with clear findings, gap analysis, and actionable mitigation recommendations to provide a comprehensive understanding of organizational threat exposure and cyber risk.

Frequently Asked Questions

Have a question about SafeBreach Propagate? We’re here to help.

How does Propagate improve security posture?

Propagate simulates attacker movement within an organization’s network to help security teams uncover high-risk attack paths to critical organizational assets, prioritize remediation activities to focus on the most critical exposures, and streamline communication with key stakeholders using built-in reports and dashboards. 

SafeBreach Propagate was purpose-built for enterprise organizations and provides the highest level of protection against risks that other forms of security testing can introduce. Users have very granular control of the scope of the tests they want to run, deciding where and what can be tested to fit their unique needs. This flexibility enables targeted and efficient testing, while minimizing any impact on critical services.

Large enterprises leverage the unique insights of SafeBreach Propagate in ways that increase the visibility and efficiency of their security operations. This includes attack path mapping to understand the ability of attackers to move laterally within the tested network and post-breach exposure assessments to gain visibility into post-breach risk, security gaps, and opportunities to optimize identity and vulnerability protections. 

Propagate is specifically designed to augment the perimeter testing offered by Validate—our award-winning breach and attack simulation (BAS) tool—by using an “assumed breach” mindset to further validate network defenses against behavior often seen from ransomware and nation-state advanced persistent threat (APT) groups.

Additional Propagate Resources

Visit Resource Center