The Human Element is Your Weakest Link
It’s true for almost every company. Only frequent Social Engineering (SE) and Phishing assessments can help, and we’ve seen a significant improvement year after year for our customers that repeat testing. With or without a formal training session, your employees will take it upon themselves to improve after being breached by our team. They will learn firsthand what to look for, and how significant the damage can be after being breached.
Our Competition Quits Work Early
We’re not kidding - most Social Engineering vendors consider the job complete after gaining a password or getting physical access inside the building. At that point, we’re just getting started. For Physical SE, we attempt to breach the internal network using a small device planted in the office for persistent connectivity. We’ll continue all of the way to Domain Administrator if it’s possible. For Remote SE engagements like phishing or cold calling, we’ll utilize any captured credentials and attempt to gain access to internal resources. Then we’ll pivot to other systems and aim for administrative control of the environment.
Why? A true (and safe) simulation of a security breach is the most effective way to demonstrate the potential harm that could be done, and these proven events provide significant credibility in driving awareness throughout the organization.
We Use the Latest Technology
We have several types of badge cloners, a Raxis-designed and Raxis-built dropbox device accessed over cellular, and the tools needed to bypass various electronic locks. While social is a major component of our test, we also believe in the physical portion of Physical Social Engineering.