Social Engineering and Red Team services organised by certified experts


    Social Engineering

    Social engineering refers to the psychological manipulation of people to convince them to carry out specific actions or disclose confidential information.


    Red Team Services

    Red Team services involve the simulation of real and efficient attack strategies applied to your infrastructure.



Discover our services:

Social Engineering

What is social engineering testing?

We are able to carry out a range of social engineering tests:

  • Retrieval of information from public sources (addresses, names, roles of staff)
  • Targeted phone calls using various pretexts to extract information or find ways to gain access
  • A "Spear phishing" scenario based on an e-mail campaign and the use of specific infrastructure
  • Physical penetration attempt based on realistic attack scenarios

The purpose of these tests is to involve all members of your teams (and anyone that has some level of internal access) in the protection of your assets, and to make them aware of threats such as a phishing attempt by email or phone.

Our teams can also measure potential risks associated with your information system, including the:

    • Risk of confidential information leakage
    • Risk of penetrating your infrastructure
    • Presence of "organisational loopholes" that enable attack scenarios to be carried out

In addition to testing the awareness and preparedness of your team members, your physical and cyber infrastructures will be tested under the most realistic conditions possible.


Methodology and Strategy


[Figure: internal penetration test diagram]

The methodology of a social engineering test varies, depending on the circumstances of your situation and the type of testing you have chosen. However, the “textbook case” will follow the same procedure of a passive (reconnaissance) phase followed by an active phase (targeting your employees), and finally an intrusion phase (attempt at compromising your information system using information gathered from previous phases).

  • Passive phase: Data collection from open sources. All available resources can be used.
  • Active phase: Phone calls, phishing emails or spear phishing and data recovery, creation of targeted "waterholes" to attract users.
  • Intrusive phase: Physical intrusion or logical intrusion based on information gained during previous phases.

The aim of the passive phase is to collect the maximum amount of information about your organisation through public sources, including social networks, search engines, forums or other informative sites.

This information, which is sometimes confidential, will make it possible to refine our approach for the next phases, and often includes:

  • Key Functions, Organisational Chart
  • Passwords, keys
  • Technical information: technology or internal project names

Physical penetration simulation involves the use of different pretexts to enter target premises. The simplest scenario is often the most successful, such as following staff through a security airlock.

Before starting this phase, we define the goal with you, which can include reaching the server room, the office of a director, etc. This makes it possible to evaluate the success of the scenario, and also to understand what impact the penetration could have and how far an attacker could reach, including data retrieval, illegal access to a workstation, etc.

Two approaches can be employed during a phishing campaign, targeting users through e-mail contact:

  • We build a fake site, also known as a "watering hole", and launch an e-mail campaign that encourages your employees to visit this site. This site replicates an existing site regularly used by staff (e.g. human resources management application), except that it records both the user's identifier and password and passes them on to the attacker. This results in credential theft, allowing, for example, access to data related to your Active Directory.
  • We send an e-mail containing a malicious attachment, with the aim of having the victim execute it. Once the file is executed, and if conditions permit, we are able to take remote control of the victim's workstation and thus have access to the internal resources of the company.



Red Team services

What is a Red Team mission?

Red Team missions employ real and efficient attack strategies on your infrastructure with the aim of finding a way to compromise it.

  • The most realistic attack simulation

This full-scale exercise aims to find a way to penetrate your internal network in order to extract real data while avoiding detection.

  • A flexible approach

We conduct Red Team missions to assess the efficiency of your defences against a real attack, but also to test security levels across the departments of your organisation. Tests can be carried out remotely or on-site, depending on the target and methodology.

  • External surface attack

Each exposed surface connected to your internal infrastructure is subject to an intrusion attempt, using data about your organisation that can be found from open sources (OSINT).

  • Phishing attack

This is an approach targeting your employees in order to establish an anchor point, permitting access to your network.

  • Physical intrusion

A red team physical intrusion could take the form of an anonymous box being deposited on or near your property, acting as a bridge between your internal network and the attacking network.

  • Intrusion from a wireless network

All Wi-Fi networks are a potential entrance point to your internal networks. These can also be compromised.




Our full and detailed test reports

Once our testing is concluded, we will provide you with a full and comprehensive report containing detailed results of the performed tests, as well as flexible and comprehensive solutions for a range of your departments (management, administration and IT, for example).

 

[Figure: SSL247 penetration test deliverable]




Why choose SSL247® ?

SSL247® has over 12 years of experience and expertise in the web security industry and numerous accreditations such as the EMEA Symantec Champion Award 2017 and the certification ISO 27001:2013.

Additionally, we have our own department specialised in penetration testing and security audits. Our team is composed of experts that are certified and well-known in the IT security arena (OSCP, OSCE and OPST).


Contact us

For more information on how our security services can benefit your business, get in touch with one of our accredited consultants:

sales@ssl247.co.uk

© 2017. All rights reserved. SSL247 Limited is registered in England No: 5802692
