Social engineering assessments

Social engineering is an attack that requires human interaction, persuading employees of the target company to act, such as opening a malicious document or providing authentication credentials.
While the social engineering delivery method is usually assumed to be email, many other channels such as SMS messages, calls, or social media may be used in the assessment. During the test, spear-phishing attacks are preferred, where a user’s personal information and position in the company are used to enhance a pretexting scenario, improving the success rate.
Usually, social engineering attacks are carried as a part of an adversary simulation assessment.

Adversary simulation

Adversary simulation can provide a different insight into a security infrastructure. While penetration tests are used to test potential vulnerabilities with no regard to stealth, evasion, lateral movement and the Blue Team’s ability to detect and respond to attacks, adversary simulation assessments allow to completely emulate the actions of a malicious individual and trigger proper security team response. While not a replacement for a complete penetration test, such an assessment can provide valuable insight into protection capabilities of a company against a real-world attack.