Skip to main content

Distributed Attack Origins

Real adversaries rarely attack from a single IP in a single region. Cybrium lets you mirror that reality by spreading campaign traffic across a pool of geographically distributed exit points, each with its own egress mode and rotation policy. The result is a campaign that exercises your geo-fencing, rate-limiting, and threat-intel controls as honestly as possible.

Screenshot: 3D globe with arcs between origin regions and targets

Picking Regions

The region picker is a two-level tree. Pick a continent to select all its countries, or drill in and pick individual countries. As you check boxes, the 3D globe in the preview pane drops pins on every selected country and draws arcs from each pin to the campaign's target coordinates. The number of active arcs equals the number of parallel origin workers the campaign will use.

Exit Modes

Each region can operate in one of four exit modes:

  • Native — traffic leaves from a cloud VM in that region using the provider's default egress IP. Fastest and cheapest, but the IP ranges are attributable to the cloud provider.
  • WireGuard — traffic is tunneled through a dedicated WireGuard endpoint with a residential or ISP-assigned IP pool. Hides the cloud provider fingerprint.
  • Managed Proxy — traffic flows through a curated pool of commercial proxy exits with rotating IPs.
  • Tor — traffic exits through the Tor network. Slow and easily fingerprinted, but useful for exercising controls that block anonymizer traffic.

Exit modes can be mixed within a single campaign — some regions native, others WireGuard — and the planner will annotate every request with the exit mode that carried it so analysts can correlate.

Rotation Strategies

The rotation strategy decides when the engine switches exit points:

  • per_step — a new exit is picked for every tactic step. Maximum noise, maximum coverage of your detection layers.
  • per_target — one exit per target host for the life of the campaign. Useful when session affinity matters (authenticated web testing).
  • random — unweighted random pick per outbound request. Closest to a real botnet.
Plan-gated

WireGuard, Managed Proxy, and Tor exits require the Pro or Enterprise plan.