Physical Social Engineering
Also known as Physical SE, Raxis will create a customized engagement designed to gain physical access to the office environment by taking advantage of employees and security processes. Once physical access is obtained, the test continues with the network environment in order to obtain persistent access electronically. Often a device providing remote access will be planted, or an unattended system may be accessed to allow this connectivity. Simulated data exfiltration will be performed to demonstrate the potential impact to target systems.
If scoped, Raxis will utilize this obtained access to perform a full internal penetration test and gain complete access to the customer network.
Email & Spear Phishing
While one of the most common methods of social engineering, email attacks are still one of the most effective. Raxis will craft a customized email designed specifically for the target organization with the goal of obtaining login credentials or other critical information. Data obtained from this activity will be leveraged for a covert remote penetration test of the customer network if desired.
Depending on the goals of the engagement, Raxis also may utilize spear phishing techniques to convince a select person to comply with our nefarious requests. Spear phishing may go beyond email and utilize phone or social media in order to increase credibility.
Also known as phone phishing or voice phishing, Raxis will call members of your company and attempt to convince them to provide sensitive data. If any data is obtained that can be leveraged for further attacks, an attempt will be made to pivot to other systems. This is an excellent situational security test for your employees and will expose gaps in process and awareness.
Any data obtained from this activity may be forwarded to a covert penetration test if scoped by the customer.