Our Core Services.

Social Engineering Assessments

Our social engineering assessments are what make The AntiSocial Engineer Limited so unique. Imagine the worst attacks possible – the ones that keep IT managers awake at night. Then replay these in a safe and secure environment with our experienced consultant.


Traditional & Web Application Testing

It’s not all James Bond around here. We also conduct a more traditional style of testing – focussing on web application, wireless and external network tests.

Educational Social Engineering Campaigns

We can work with your organisation over a period of time, delivering educational social engineering campaigns. We teach employees common social engineering attacks and help them form a strong layer of defence.


Consultancy

Do you need our help with something? Consultancy services can vary from private, discreet advice and working with a board of directors to public talks on social engineering.

Social Engineering Assessments.


All Aboard!

When a new customer contracts work from The AntiSocial Engineer Limited, we work to ensure they are getting the exact assessment their organisation requires, so the first step of our on-boarding process is to meet face to face and discuss the planned assessment and scope of works.
When we have a clear understanding of your requirements and the necessary legal documents are covered we will then arrange for the safe transfer of files between our organisations, always prioritising your data handling requirements.

With every new customer we work on a ‘scoping’ document that ensures we use only agreed methods. For example, some customers might require us to interact with staff and some may not; we often find that several simple questions at this stage can avoid confusion.

Key Points

  • Full Scoping Process
  • Bespoke planning and delivery
  • Experienced Consultants

The Attack!

Monitoring incoming staff emails from a compromised inbox.
Text messages, designed to steal passwords.
A polite and well mannered phone call.
A charming guest at your workplace.

A social engineering attack can take many forms. We work to bring simulations of the risks relevant to your organisation.

Key Points

  • Realistic Simulated Attacks
  • A Multitude of Attack Vectors
  • You Are Always In Control


Comprehensive Reporting

We provide an in-depth, comprehensive report authored by our principal consultant and social engineering expert. Our reports stand out from the crowd and offer in-depth strategies on remediation, insights discovered during the assessment and technical reporting. Raw data can be provided in both .xlsx and JSON format to facilitate further analysis.
It is vital that the post-campaign reporting is able to portray every piece of information discovered in a clear, concise manner. All reporting is dispatched using secure encrypted transfer mechanisms.

Key Points

  • Remediation Plans
  • Evidence Slides, Photos, Screenshots
  • Raw Data Supplied


Here’s All The Services.


Consultant Led Redteam Engagement

A team of two or more consultants will physically try to gain access to your building, office or place of interest.
Onsite physical access will be tested using methods agreed by you. Lock-picking, wireless network attacks, tailgating, impersonation and complex scenarios may be used as agreed.

Pretexting, elicitation, diversion theft and complex fraud strategies are used.

  • Replicated staff Identification
  • On-site access systems tested
  • Rogue network access – Can we plant a dropbox, can we exfiltrate data?
  • Removal of assets

Redteam Engagements actively look to discover weaknesses. We are not told what to look for, we tell you what we can do.
No two assessments are the same and our priority is meeting the requirements of our clients. You will be in total control at every step of this rather offensive testing method. We know how to do this without error or disturbance within your working environment.

CTF – Capture The Flag Style Engagements

Companies can assign a ‘flag’ or target within their organisation and our social engineering assessment will try to gain access to it. The client can specify what kind of attacks will be deemed in scope and has the option to exclude potentially damaging activities such as lock picking or direct employee interaction.

This style of testing works well if you are concerned about someone gaining access to a sensitive area, a specific computer or something of financial value.

  • You’re always in control – potential concerns are discussed and defined beforehand in a scoping stage.
  • Define an area, computer, task, person, building – the list is endless!
  • Complex scenarios are utilised with prior planning and knowledge of your organisation.
  • Ideal for measuring counter-terrorism security controls

Onsite Social Engineering

Physical penetration testing aims to highlight the areas within an organisation that can be besieged by malicious attackers. A combination of telephone scams, phishing emails and login credential harvesting can discover weaknesses within an existing security policy or the operation of a business. This information is later used in person to gain access and replicate a real physical assault on your building. The assessments will discover weaknesses before a criminal can exploit these gaps in security.

An experienced, well-trained consultant will use a combination of attack vectors to develop a tailored attack based on the defined scope of works, culminating in an assessment based on your organisation. Different scenarios can be created to test for access to a secure area, to test the effectiveness of security or to analyse your organisation’s resilience to terrorism. Typical penetration tests include:

  • Gaining access to a private section of a high street bank, planting small remote access tools.
  • Bypassing traffic security to park an unchecked car at a security sensitive event.
  • Gaining access to a company’s head office and accessing workstations, planting remote audio/video equipment.

Vishing

With the added layer of reassurance that comes from talking to a real person, an employee is more likely to comply with the demands of an attacker. Telephone attacks or ‘Vishing’ can be combined with other methods to really engage the employee in a well-constructed pretext. Social engineering attacks chip away at an organisation, gathering information and using it at a later date. The AntiSocial Engineer Limited will guide you through these assessments and work with every client on an individual basis to ensure a bespoke package is constructed. You will be able to test the effectiveness of staff training and assess the kind of information that is obtainable over the phone. These assessments prove to be quite useful when used in conjunction with other kinds of social engineering assessments such as physical penetration testing.


Realistic Simulated Phishing Attack

Assessing who is susceptible to these techniques and who requires training can be managed over a period of time in a simulation of a real phishing attack campaign. Full analytics will be provided with assessments to report which users have logged on to a cloned portal or clicked on a link inside an email.

  • Externally facing portals cloned.
  • Fully responsive web and mobile attacks.
  • Test how malicious Google Chrome browser extensions are handled.
  • Credentials harvested and reported on from various sources – always securely.
  • Several levels of Phishing email simulations.
  • Can be combined with other kinds of Social Engineering assessments.
  • A focus on user training and staff induction programs post simulation.
  • Increased training available to VIP and key personnel within an organisation.

Realistic means exactly that! We run this assessment like a criminal would. We start with next to no knowledge of the target organisation and work towards uncovering the details of your employees through OSINT. The final stages will see extremely complex phishing emails being used. Spear phishing has gained popularity but we go further than this, crafting online personas, relevant situations and real-world events that reinforce an email’s credibility.

When you really need to gain access to an organisation ‘in the wild’, you will stop at nothing. We replicate this determination and it forces us to test our clients harder, stealing some of the most ingenious and devious ideas from current phishing attacks.

We can also adapt our testing style to focus on click rate statistics and employee benchmarking. A real attack is significantly different from user testing so it will be essential to gather further information before commissioning work.  

Open Source Intel

We really hunt for your data; true OSINT is so much more than a good search online. The AntiSocial Engineer Limited go further to develop unique information datasets. We hunt through paper records, we utilise publicly obtainable paywall-type data sets, and we will surveil a company for weeks to build up a portfolio of information. As seen in the wild, attackers will work slowly to compile useful information and, in a similar fashion, we work hard to really understand everything there is to know about the target company. Let us show you your own data in a truly unique way.

On-Site Inspection

Physically being on the site gives us a much richer supply of information: suppliers and clients can be noted visiting, vehicle registrations can be observed and physical access controls can be investigated. After dark people leave the building but a wealth of knowledge stays, and we look to exploit this. On-site inspections are normally carried out before physical penetration tests so that the information gathered can be utilised fully.

Enhanced Due Diligence and Corporate Monitoring

We have access to over 600 Million global records, covering:

  • Proprietary information on one million Politically Exposed Persons (PEPs) including Adverse Media Data
  • Proprietary sanctions data updated every 30 minutes
  • Over four million records on High-Risk Individuals and Organisations, growing by 25-40k profiles per month
  • Corporate registry data
  • ID data

We Can:

  • Monitor the ‘dark web’ for employee credentials being offered for sale
  • Compile detailed portfolios of company information – Own business, competitor or due diligence
  • Monitor and alert when key staff members are discussed online.
  • Screen potential business partners for fraudulent transactions.

SMShing

We are the only company in the UK to offer a full SMShing campaign. By combining consultant-managed campaigns with the carrier-level contacts we have, we can offer you a truly unique service.

Very similar to how a phishing email works, SMShing will focus on text messages and attacks against staff mobile phones. These can be generic messages or highly focused ‘spears’ akin to Spear Phishing Emails. User statistics such as click through rates of enclosed links, browser & device information are obtained and reported on.

SMShing is a commonly used attack vector in the wild yet few businesses adopt assessments into their testing habits. Choosing to defy this trend, your business could benefit from the foresight in testing staff.

  • Bulk SMS messages can be sent, covering 1 member of staff to a million.
  • Custom sender ID: we can mask the sender with a custom name.
  • Full data analytics: every text message traced, every click and time saved.
  • Guide users to reply with information, click a link or even navigate to a custom login portal that will harvest credentials – right from their mobile phone in seconds.
  • Secure data: your staff data is in good hands every step of the way. We work directly with the nation’s safest SMS service centres.

Web Application Testing

At The AntiSocial Engineer, Web Application testing is focussed on identifying and assessing all levels of vulnerabilities that exist in your Web Applications. Our service is delivered by world-class security consultants and provides you with a thorough analysis of your entire network from an attacker’s perspective. Our reports, which are hand-written, will include an executive summary along with a more in-depth technical summary and a table of applications tested, with the total number of vulnerabilities identified at each severity level and hand-written remediation advice. The methodology we adopt is based on the OSSTMM and OWASP testing methodology; this is to ensure all attack vectors are covered.


Vulnerability Scanning

An important part of defending your organisation is keeping up to date with new vulnerabilities. Keeping at the forefront of this constantly changing landscape, The AntiSocial Engineer Limited can help you gain a clearer picture of your organisation’s weaknesses through regular vulnerability scanning. Monthly reports can be prepared and delivered securely, giving you a much-needed overview.

Security Culture Development

Employees of all levels and sectors will actively work to secure the organisation from the inside out. Utilising all they can in their allocated roles to work together, to secure.

  • Heads of IT are praised for finding vulnerabilities and their superiors act on issues that are presented to them.
  • Employees are trained and made aware of risks, this drives further staff education – Not because they have to, but because they are logical caring people.
  • Staff report incidents without hesitation, knowing that these fast reports benefit the business and they will be trained further in response – Not disciplined.

We can work with your business to train staff of all levels, CEO to Starters! We encourage organic cyber security culture development. People don’t have to be the weakest link; utilising your own employees’ diligence and care is the correct thing to do – Let us show you how.

Click Rate Reduction

Whilst security is almost always multifaceted, sometimes your organisation is tasked with one simple task – Get the click rate down!

Working in response to employee testing, we can assess your organisation’s ‘click rate’. This benchmark allows us to analyse just how many people would click the link within an email; then we can work on getting it down. Training can be supplied in many formats: 1-2-1 sessions, teacher-class, online assessment and literature.

Bespoke solutions are tailored to fit your business and educate your staff in the best ways possible. After training, we believe in retesting to monitor training effectiveness.

  • Combined effectively with ‘Professional Services – Phishing’
  • Always the best training medium for your employees

Call Centre Training

If you run a call centre you will be aware just how many inbound calls could be deemed malicious. Fraudsters regularly target call centres to obtain information about their target. With many call centres in the UK being operated on behalf of third parties it is essential your call centre is not accidentally disclosing information. Protection from ‘Vishing’ calls comes from having staff that recognise the tell-tale signs of a fraudster. The AntiSocial Engineer Limited can:

  • Test call centre staff on how they handle authentication with Telephone Attacks.
  • Independently review your business’s call centre operations.
  • Offer training to department managers in how to train effective teams.
  • Train call centre employees directly to spot the signs, how to comply with the requirements of the Data Protection Act and more.

You might also find the following blog of interest: Sim Swap Fraud


Daily Consultancy Service

When your business is focusing on social engineering prevention you might need advice that is tailored to your organisation. The AntiSocial Engineer Limited can offer our specialised consultancy services and report on events that are affecting your organisation. Using our knowledge can decrease the likelihood of a data breach or financial loss.

By using our consultancy service we can help with understanding risks, analyse existing threats and transfer essential knowledge.

Consultancy can also be an easy way to commission services fast, in order to provide agile security implementations.

Public Speaking

Our principal consultant Richard De Vere is available for speaking engagements.

A range of talk styles are available, from briefing a board room to teaching a school.


 
