We carry out authorized social engineering attacks, which usually relate to the preparation and conduct of phishing campaigns targeted at our customers' employees. The goal is determined individually with each client, for example, it can be collecting credentials, using them for further escalation and simulating a real attack by trying to filter data outside the organization. In a simpler version, it may simply be collecting statistics on the success rate of the campaign.
Another scenario could be aimed at WiFi users, where our consultants install a fraudulent access point (Access Point), posing as legitimate. When a user connects, we can try to perform MiTM, that is, capture sensitive data, install specially created executable files by capturing downloaded files for future access.
RedTeam Penetration Testing
Differs from penetration testing at several levels:
It is not limited to a very strict scope (for example, pentesters are limited in access only to a specific web application), it’s not about finding as many security vulnerabilities as possible, but about how to find the most effective way to penetrate the organization or achieve a specific targets, for example, to steal sensitive data. It is not limited only to technology, it includes the human factor.
As part of the operations, we conduct network attacks on both external and internal networks, where the main goal is to gain access to important company resources.