Halock ACS - Social Engineering


  • 8/14/2019 Halock ACS - Social Engineering


    Pricing:

    Pricing varies based on the size, complexity, and depth of testing

    Remote testing (phone and email) typically ranges from $4,000 to $8,000

    Onsite testing (physical breach) typically ranges from $2,500 to $5,000 per location

    Social engineering is the practice of obtaining confidential information by manipulation of legitimate users. During social engineering testing, Halock exploits the natural tendency of a person to trust another person's word, rather than exploiting computer security holes. It is generally agreed upon that users are the weak link in security and this principle is what makes social engineering possible. Social engineering tests the effectiveness of the organization's policies as well as employee security awareness.

    Halock's Red Team may use the telephone, carefully crafted email messages, and physical access techniques to coerce the organization's employees into revealing sensitive information or granting unauthorized access, in violation of established policies.

    Information gathered during social engineering efforts is utilized during ethical hacking (if included in the scope of the assessment), leveraging the information gathered to further attempt to exploit vulnerable applications, systems, and processes such as user registration, user access provisioning, and system maintenance.

    Solution Overview

    Professional Services Included:

    Information collection, such as the names of key IT staff members, credentials, system information, locations of systems or data, etc., using public sources

    Attempts to gain access to sensitive information remotely via telephone contact using pretexting and persuasion methods

    Attempts to gain access to sensitive information remotely via email contact and phishing

    Attempts to gain access to physical information assets through onsite entry

    Documentation of findings, including detailed walkthroughs of exploit scenarios

    Social Engineering Solution

    At-a-Glance:

    Test end user security awareness, ensuring employees and staff adequately safeguard confidential information and trade secrets

    Attempt to gain access to sensitive information through remote or onsite efforts

    Simulate Phishing attacks to determine if users will open fraudulent emails and disclose credentials to the attacker

    Can be performed blind (with no previous knowledge or assistance) or in a collaborative manner

    847.221.0200 halock.com

    1834 Walden Office Square, Suite 150 * Schaumburg, IL 60173 * 847.221.0200 * www.halock.com

    Assessment & Compliance Services Division


    Social Engineering: Scope Worksheet


    Testing will be performed using the following approach:

    COLLABORATIVELY

    BLIND (NO ASSISTANCE FROM CLIENT)

    The following methods are conducted during social engineering:

    The following special considerations will be incorporated into the assessment:

    METHOD SCOPE

    Phone

    Email / Phishing

    Physical Penetration