Professional Services Overview

“With todays fast paced testing environment it can be a daunting task arranging for an assessment to be be carried out, let us put you at ease and show you how security testing should be.”

 

Core Professional Services:

  • Physical Penetration Services – Physical penetration testing aims to highlight the areas within an organisation that can be besieged by malicious attackers. Starting with OSINT research and moving to direct manipulation of staff. Prior knowledge of the target building is later used in person to gain physical access to  your building.

 

  • Telephone Attacks – An assessment of the way staff handle requests for information over the telephone. Do they disclose private details? authenticate callers properly? can an attacker book a meeting room? A ‘Vishing’ attack will focus on what is obtainable over the phone. This insight can then be used to train and educate staff.

 

  • Phishing Campaigns – Assessing who is susceptible to these techniques and who requires training can be an open ended task – until now. Full realtime analytics can be used with assessments to report which users have logged on to a cloned portal or clicked on a link inside an email. Many companies offer Phishing services but we are confident we are the best, full consultant led assessments will meet your expectations. We can focus on impact and realism, replicating an attack or we can prioritise the statistics by sending uniform messages to staff.

 

  • Company Reconnaissance – A detailed look at what is available on the internet and the ‘deep web’. This could be your staff names, email addresses, meta data analysis and information on directors and persons of interest. I can make sure you will know what is out there and how an attacker would use this information to form an attack against your organisation. We can collate all the relevant information that is listed on social media sites. If an employee is identified the information could then be linked back to your organisation and cause harm. Just a simple list of names obtained from social media can be converted to an email address format or username to focus a social engineering Phishing attack. Social media can also be analysed to check for employee misuse, copyright infringement, hate speech and bad reviews.

 

 

 

Supplementary Professional Services:

  • ConsultancyExpert advice and knowledge that can be relied upon. With years of industry knowledge available to aid your organisation with anything related to Social Engineering.

 

  • Training Packages – Our training packages aim to teach employees right from wrong. Teaming with Jenny Radcliffe a greater understanding of the underlying psychological factors that take effect with interaction from determined Social Engineers.

 

  • Vulnerability Scanning and Web App Testing – What services could be exploited with prior knowledge of your organisation? This kind of assessment will look to combine traditional ethical hacking, information gathering exercises and simple externally based network attacks on common services such as login portals, FTP and SSH. Our external assessments will combine our research on remote attacks yet work in a way not solely relying on Social Engineering.

 

  • Incident Management – The perception of breaches can be very different especially from an outsider looking in. Our incident response team can provide a confidential and objectionable view of an incident, providing advice and guidance on the best way to analyse and respond to a breach to best protect the organisation and individuals involved.