Social Engineering & Physical Pentesting
IDENTIFY THE WEAKEST LINK IN YOUR ORGANIZATION

Social Engineering is the psychological manipulation of people into performing actions or divulging confidential information. This differs from social engineering within the social sciences, which does not concern the divulging of confidential information.

A physical penetration test evaluates all physical security controls, such as locks, security guards, cameras, and other security measures. The goal of a physical penetration test is to circumvent these safeguards in order to access networks, locate sensitive data, and physically enter locations that are off-limits.


What Are Social Engineering Attacks?

Most common social engineering attacks:

01
Phishing

Phishing is a method that occurs via email and attempts to trick the user into giving up sensitive information or opening a malicious file that can infect their machine.

02
Vishing

Vishing is similar to phishing but occurs via phone calls. These phone calls attempt to trick the user into giving up sensitive information.

03
Smishing

Smishing is similar to phishing but occurs via SMS text messages. These text messages have the same intent as phishing.

04
Impersonation

Impersonation is a method where the attacker attempts to fool a person into believing they are someone else.

05
Dumpster Diving

Dumpster diving is a method where an attacker goes through not only trash but other items in plain sight, such as sticky notes and calendars, to gain useful information about a person or organization.

06
USB Drops

USB drops is a method that uses malicious USB devices dropped in common areas throughout a workspace.

07
Tailgating

Tailgating is a method that is used to bypass physical security measures.

08
Honey Trap

A honey trap is a method where the attacker pretends to be an attractive person in order to interact with a person and gather sensitive information.

Working Process

METHODOLOGY

Our methodology is based on the following industry standards:

OWASP Testing Guide v4
NIST 800-115
The Pen Testing Execution Standard (PTES)
PCI Pen Testing Guidance

01
Investigation

Gathering information in preparation for the attack.

02
Hook

Deceiving the victim(s) in order to gain control of the interaction.

03
Play

Executing the attack by obtaining information over a period of time.

04
Exit

Bringing the interaction to a natural end without arousing suspicion.

Frequently Asked Questions

Answers to commonly asked questions.

Why is social engineering needed?

Because it is often easier to exploit people than it is to find a network or software vulnerability.

How Secure is your Organisation?

Book A Free Security Assessment

We will analyse how secure your organisation/network is by discovering vulnerabilities.
