8/14/2019 Halock ACS - Social Engineering
Pricing:
Pricing varies based on the size, complexity, and depth of testing
Remote testing (phone and email) typically ranges from $4,000 to $8,000
Onsite testing (physical breach) typically ranges from $2,500 to $5,000 per location
Social engineering is the practice of obtaining confidential information by manipulation of legitimate users. During social engineering testing, Halock exploits the natural tendency of a person to trust another person's word, rather than exploiting computer security holes. It is generally agreed that users are the weak link in security, and this principle is what makes social engineering possible. Social engineering tests the effectiveness of the organization's policies as well as employee security awareness.
Halock's Red Team may use the telephone, carefully crafted email messages, and physical access techniques to coerce the organization's employees into revealing sensitive information or granting unauthorized access, in violation of established policies.
Information gathered during social engineering efforts is used during ethical hacking (if included in the scope of the assessment) to further attempt to exploit vulnerable applications, systems, and processes such as user registration, user access provisioning, and system maintenance.
Solution Overview
Professional Services Included:
Information collection, such as the names of key IT staff members, credentials, system information, locations of systems or data, etc., using public sources
Attempts to gain access to sensitive information remotely via telephone contact using pretexting and persuasion methods
Attempts to gain access to sensitive information remotely via email contact and phishing
Attempts to gain access to physical information assets through onsite entry
Documentation of findings, including detailed walkthroughs of exploit scenarios
Social Engineering
Solution At-a-Glance:
Test end user security awareness, ensuring employees and staff adequately safeguard confidential information and trade secrets
Attempt to gain access to sensitive information through remote or onsite efforts
Simulate phishing attacks to determine if users will open fraudulent emails and disclose credentials to the attacker
Can be performed blind (with no previous knowledge or assistance) or in a collaborative manner
847.221.0200 halock.com
1834 Walden Office Square, Suite 150 * Schaumburg, IL 60173 * 847.221.0200 * www.halock.com
Assessment & Compliance Services Division
Social Engineering: Scope Worksheet
Testing will be performed using the following approach:
COLLABORATIVELY
BLIND (NO ASSISTANCE FROM CLIENT)
The following methods are conducted during social engineering:
METHOD / SCOPE
Phone
Email / Phishing
Physical Penetration
The following special considerations will be incorporated into the assessment: