Red-Teaming
Social Engineering
Social Engineering (SE) encompasses all human manipulation attempts to gain access to digital infrastructure. This can take place through
the following categories:
- Physical presence
- Phishing
- Vishing
Physical Presence
This form of testing measures the training and awareness of staff in addition to the effectiveness of any physical controls. Can the
consultant 'sweet-talk' his way into a meeting room? Can gates/turnstiles be tailgated? Can the RFID access controls be bypassed, or do
they fall to successfully cloned cards?
Phishing
Email phishing campaigns; this is where the Team will attempt to construct several different campaigns representative of real-world
campaigns, to assess the effectiveness of any SPAM filtering technologies and the phishing-awareness of your staff. We have scalable
solutions from outright spam campaigns, to deeply personalised spear/whaling campaigns. The emails are crafted to elicit a response from
targets to visit a benign/controlled website, to measure responses. Campaigns can additionally be tailored to include attachments, to
assess the effectiveness and capabilities of any filtering technologies in-line with mail servers and usual web-browsing.
Vishing
Voice phishing; this is where the attacker phones technical support/help desk or reception in an attempt to obtain information about the
target organisation. It might even be used as a follow-up to a phishing attack, in an attempt to add credibility to the phishing
campaign and raise the probability of success.
External Testing
Are your publicly hosted services secure? Could your web services be remotely exploited by an attacker?
We may try to exploit any of the following services in order to gain a foothold within your network:
- Vulnerable websites
- VPN weaknesses
- Misconfigured admin services
- Exploitable services
Internal Testing
At this stage, we are simulating attack patterns from either of the following adversaries:
- External attacker
- Internal attacker
Lateral Movement & Escalation
Limited to toolsets of the native Operating Systems, our Team will attempt to escalate privileges, look for open file shares, and attempt
to access other systems (within scope) using default (or reused) credentials in addition to standard exploitation techniques. Once a
workstation/server is compromised, forensic techniques will be employed in an attempt to scrape additional data/secrets (e.g. plaintext
passwords) that can be used to infiltrate additional systems.
Exfiltration
The final stage of the engagement is the assessment of your organisation's egress policies and controls. Our Team of experts will attempt
to exfiltrate benign but realistic data, using common techniques and procedures:
- Mail Protocols
- Domain Name System resolution
- HTTP & HTTPS, e.g. Pastebin
- WebDAV
- FTP & SSH
- Debug networking traffic
- Removable Media
- In the case of physical implants - Wireless Protocols.