Social Engineering tests are used to assess your employee awareness and test your company’s security protocols. Are there any training or workshops designed to prepare your staff to face malicious tricks? Do employees know how to check links of downloadable files for the safety of their contents? Are they familiar with techniques of concealed adversarial attacks?
Nowadays, social engineering techniques are the easiest way for bad actors to bypass an organization's security infrastructure. The main problem is, that this type of attack is meant to be unrecognized before it’s too late.
To test how vulnerable to the exploit the human element is, tests must aim to cover as many areas and vectors as possible. While conducting the tests CyberForces specialists base on the OSINT (Open Source Intelligence) and their creativity to find entry points. Our primary rule is to think outside the box because that’s what hackers do.
These are some of the techniques we use while trying to breach your security system:
- Link scam
- Brute force
- Social psychology rules
We use tools such as Rubberduck and WiFi Pineapple® to intercept physical network while being invisible to the user and BeEF (The Browser Exploitation Framework Project) to gather access to clients systems.