Beruflich Dokumente
Kultur Dokumente
Solution Overview
Solution Social engineering is the practice of
At-a-Glance: obtaining confidential information
by manipulation of legitimate
Test end user security
awareness, ensuring em-
users. During social engineering
ployees and staff adequately testing, Halock exploits the natural
safeguard confidential infor- tendency of a person to trust
mation and trade secrets another person’s word, rather than
Attempt to gain access to exploiting computer security holes.
sensitive information
through remote or onsite It is generally agreed upon that
efforts “users are the weak link” in security
and this principle is what makes
Simulate Phishing attacks to
determine if users will open
social engineering possible. Social
fraudulent emails and dis- engineering tests the effectiveness
close credentials to the at- of the organization’s policies as well
tacker as employee security awareness.
Can be performed blind
Halock’s Red Team may use the telephone, carefully crafted email messages, and physical access
(with no previous knowledge
or assistance) or in a col- techniques to coerce the organization’s employees into revealing sensitive information or granting
laborative manner unauthorized access, in violation of established policies.
Information gathered during social engineering efforts is utilized during ethical hacking (if
included in the scope of the assessment), leveraging the information gathered to further attempt
to exploit vulnerable applications, systems, and processes such as user registration, user access
provisioning, and system maintenance.
1834 Walden Office Square, Suite 150 * Schaumburg, IL 60173 * 847.221.0200 * www.halock.com
847.221.0200 halock.com
METHOD SCOPE
Phone
Email / Phishing
Physical Penetration
1834 Walden Office Square Suite 150 * Schaumburg, IL 60173 * 847.221.0200 * www.halock.com