Social Engineering

Social Engineering (SE) encompasses all human manipulation attempts to gain access to digital infrastructure, this can take place through the following categories:

Physical Presence

This form of testing measures the training and awareness of staff in addition to the effectiveness of any physical controls. Can the consultant 'sweet-talk' his way into a meeting room? Can gates/turnstyles be tailgated? Can the RFID access controls by bypassed or fall-down to successfully cloned cards?


Email phishing campaigns; this is where the Team will attempt to construct several different campaigns representative of real-world campaigns, to assess the effectiveness of any SPAM filtering technologies and the phishing-awareness of your staff. We have scalable solutions from outright spam campaigns, to deeply personalised spear/whaling campaigns. The emails are crafted to illicit a response from targets to visit a benign/controlled website, to measure responses. Campaigns can additionally be tailored to include attachments, to assess the effectiveness and capabilities of any filtering technologies in-line to mail servers and usual web-browsing.


Voice phishing; this is where the attacker phones technical support/help desk or reception in an attempt to obtain information about the target organisation. It might even be used in the follow up of a phishing attack, in an attempt to add credibility to the phishing campaign, to raise the probability of success.

 External Testing

Are your publicly hosted services secure? Could your web services be remotely exploited by an attacker?
We may try to exploit any of the following services inorder to gain a foothold within your network.

 Internal Testing

At this stage, we are simulating attack patterns from either of the following adversaries:

Lateral Movement & Escalation

Limited to toolsets of the native Operating Systems, our Team will attempt to escalate privileges, look for open files shares, and attempt to access other systems (within scope) using default (or reused credentials) in addition to standard exploitation techniques. Once a workstation/server is compromised, forensic techniques will be employed in an attempt to scrape additional data/secret (e.g. plaintext passwords) that can be used to infiltrate additional systems.


The final stage of the engagement, is the assessment of your organisations egress policies and controls. Our Team of experts will attempt to exfiltrate benign but realistic data, over common techniques and procedures: