about us

“…replicating real world attacks through 60+ years of combined threat intelligence”


why use Layer8?

Layer8Labs is a leader in the phishing industry, with the most advanced phishing framework available. The tool has been developed over 10 years, and is the standard to which other companies have followed. The main difference is that we run the campaigns for the client allowing them to focus on their core business and let the experts ensure every test is performed flawlessly.

Competitive Differentiators

Experienced Engineers run all phishing campaigns, allowing customers to focus on their business and let us handle setting up and executing the campaigns.

Stadium view© allows customers to watch their phishing assessments in real-time. This not only shows user behavior, it can be used to monitor internal incident response time.

Advanced Metrics. Layer8Labs when used to measure the effectiveness of your security awareness had the most advanced metrics in the industry. Not only do we break down the entire process, initial baseline metrics may be compared to additional phishing campaigns to determine the organizations security posture and show an increase or decrease in awareness.

Behavioral Scoring©. Layer8Labs doesn't just record click metrics. A patent-pending analysis engine scores a user's risk behavior based on actions and also access and authority within the organizations. High Profile users may be identified during the target selection process, and are risk score weighted based on privileges and other key metrics.

Advanced Payload Delivery. The tool may be used for metric based assessments to measure the effectiveness of an organizations security awareness program, or it may be used as a black box penetration testing framework to model an advanced behavior. Depending on the client's needs, the framework can test user behavior, email security controls, or both. Optional payloads include: Metrics, credential harvesting, malicious attachments, Java payloads, etc.)

Password Scoring©: If the credential harvesting payload is selected, any passwords submitted undergo a NIST based scoring process that is associated with the target user and added to the client metrics.

Host/Browser Vulnerability Assessment: When a targeted user clicks a phishing link and visits our phishing page, the host browser undergoes a series of passive checks to identify vulnerable plugins and details about the base operating system.

Attack Packages©: Layer8Labs has over 100 built in landing pages and phishing pretext attacks. Attack packages have also been developed based on real world analysis and scenarios. This includes the phishing pretext, landing page, custom domain, and selectable payloads.

Corporate Attack Surface Analysis©. Part of our custom phishing process, is to perform OSINT (Open Source Intelligence Gathering) against a target organization to identify webmail, VPN, and other portals that are active to the internet along with any user emails that may be harvested. This allows the team to develop a custom attack package that is relevant to the customers target environment and would be realistic to an advanced attacker in the wild.

Flexibility. The Layer8Labs phishing framework was designed with the professional penetration tester in mind, providing the most verbose options and configurations to perform the most detailed attack. All payloads are modular, and may be added or removed with the click of a button.

Payloads. The tool is a modular phishing framework with an extensive payload collection allowing the flexibility to be used to capture metrics, or in a black box method to deliver a java or .exe payload in attempt to gain a foothold on the internal network. Other payloads include credential harvesting, malicious attachments, custom payload injection, BEEF Integration, and Metasploit Integration. This allows users to further analyze the actual risk of a particular attack and provide accurate environmental scoring which integrates with many popular vulnerability validation tools.

Campaign Comparison. Organizations spend a large amount of time on Security Awareness training users to identify indicators and how to respond to a phishing email. Layer8Labs provides an initial baseline metric analysis, and then can compare additional campaigns to identify improvement after security awareness training. The framework can look at the organization as a whole, or offer the granularity to look at specific departments or business units over time.

Campaign Scheduling. Layer8Labs offers the ability to schedule a campaign as needed by the client. The campaign may not only be scheduled for a certain date and time, it can be throttled as needed. Some organizations want all emails to be sent at once, and other would like them campaigns to be sent in "blocks".

Whitelisting. The Layer8Labs framework can be whitelisted to focus on metrics and testing user behavior, or used in a black box fashion where the internal messaging team doesn't whitelist any Layer8Labs IP addresses, and treats the campaign as a real attack. This simulates a real world attack, but in a controlled manner with the associated risk. If the organizations wished to test only user behavior and not technical controls, then a whitelisting method is used and Layer8 works with the internal messaging team to ensure all emails are delivered to provide 100% accurate metrics.

Constant Updating. Due to strategic partnerships, Layer8Labs is positioned to gather key intelligence regarding email based attacks and new phishing trends. As attacks and payloads change and evolve, this functionality is added into the phishing framework. Layer8Labs also works closely with clients and incorporates feedback into the development process to ensure a positive client experience.

Individual User Risk Scoring. We have the ability to look at an individual's actions and behavior over a series of campaigns. Also identify risky behavior such as password submittals and repeated clicks on phishing campaigns.

Sight©. SIGHT is a custom information collection tool used to properly scope the testing, collect user information, derive individual and department performance and provide enhanced metrics to feed back into the corporate information security program. These metrics provide performance scores from the individual, department and company overall. Have greater visibility in to valuable information such as which teams and individuals perform best throughout testing in order to modify training and response programs for maximum effectiveness.


Contact Us


get in touch with us