Social Engineering

Social engineering is the practice of obtaining confidential information by manipulation of legitimate users. During social engineering testing, Halock exploits the natural tendency of a person to trust another person's word, rather than exploiting computer security holes. It is generally agreed upon that 'users are the weak link' in security and this principle is what makes social engineering possible. Social engineering tests the effectiveness of the organization's policies as well as employee security awareness. Halock's Red Team may use the telephone, carefully crafted email messages, and physical access techniques to coerce the organization's employees into revealing sensitive information or granting unauthorized access, in violation of established policies. Information gathered during social engineering efforts is utilized during ethical hacking (if included in the scope of the assessment), leveraging the information gathered to further attempt to exploit vulnerable applications, systems, and processes such as user registration, user access provisioning, and system maintenance.

Solution At-a-Glance:
  • Test end user security awareness, ensuring employees and staff adequately safeguard confidential information and trade secrets
  • Attempt to gain access to sensitive information through remote or onsite efforts
  • Simulate Phishing attacks to determine if users will open fraudulent emails and disclose credentials to the attacker
  • Can be performed blind (with no previous knowledge or assistance) or in a collaborative manner

Ethical Hacking Training:

In-depth, hands-on, ethical hacking training. Learn how to find and exploit vulnerabilities in systems and applications, and the corresponding methods for preventing such exploits.

Social Engineering:

It is generally agreed-upon that end users are the "weakest link" in security, and this principle is what makes social engineering possible. Social Engineering tests the effectiveness of the organization's policies and employee security awareness.

Ethical Hacking:

Halock's team of ethical hackers perform an in-depth analysis of potential high risk vulnerabilities, with the primary objective of gaining access to sensitive information assets within the organization as a practical demonstration of what a malicious individual could accomplish.