PHISHING | VISHING | PHYSICAL

SOCIAL ENGINEERING

Redbot Security provides real-world social engineering attacks , organized and deployed by our team of experts.  Our services include physical and electronic social hacking.

Use the Quick Contact form below for Social Engineering Attacks -or- tell us more details about your upcoming project.

Physical and Electronic Social Engineering

Phishing is a malicious actor’s attempt to illicit non-public information, divulge credentials, install malware, or gain access to internal networks through social manipulation of employees through email. Phishing attacks techniques are typically fall into one of two categories:

  • General Phishing Campaign: These types of engagements are blanketed among a larger pool of employees. In the wild, a malicious actor may launch a campaign against thousands of people from an email list without regard to an individual company.
  • Spear-Phishing Campaign: These types of engagement are specifically handcrafted to target an individual or small group of people. Spear-phishing campaigns can also attempt to establish relationships over a long period of time and groom the victim into an unknowing ally. (See more details below)

Physical Social Engineering

The steps for performing a physical, social engineering assessment also depend on whether the client is receiving its first physical assessment or is already in the process of honing its policies and procedures through regular assessments. (see more below)

Custom Scoping

Our expert team takes pride in developing the right scope for your project.

Timeline Delivery

Our service delivery is designed to exceed expectations, to ensure you meet your deadlines.

Proof of Concept

Complete Proof of Concept to show manual testing efforts with detailed storyboard of findings.

Sr. Level Support

Our primary goal is to ensure that your network is secure. We go the extra mile, are engaged, and continuously strive to be your ongoing security partner.

Case Study

  • Client: Water Utility
  • Onsite Physical Social Engineering
  • Initial Test performed over three (3) days
  • Six (6) key findings with access to SCADA control room
internal

coming soon

Redbot Security performs expert onsite Physical Security Control Testing for many critical infrastructure clients

 

Physical SE

Redbot Security’s methodology to test a client’s physical security consists of multiple phases, including: data collection,   reconnaissance, pretext creation, execution.

Phishing and Vishing

Phishing is a malicious actor’s attempt to illicit non-public information, divulge credentials, install malware, or gain access to internal networks through social manipulation of employees through email.

Vishing (with a ‘V’) is a malicious actor’s attempt to illicit non-public information, divulge credentials, install malware, or gain access to internal networks through social manipulation of employees through telephone calls or text messages

Considering that most phishing engagements are completed within a given window of time, Redbot Security approaches campaigns in a hybrid model by first obtaining OSINT and then manually constructing a general phishing campaign that is unique to Company. Some of the actions performed can include:

  • OSINT gathering and data collection
  • Attempt to identify third-parties and potential vendors
  • Construct a campaign and submit for client approval:
  • Drafting a phishing email
  • Registering fake domains
  • Setting up fake or cloned websites
  • Generating a payload for malware deployment
  • Setting up authentication forms, banners, and popups

 

Additional Services

IT Network Penetration Testing

Redbot Security provides true manual penetration testing services that will simulate real-world attacks against your networks. Both External and Internal Network Testing can be performed from a remote perspective.

Application Penetration Testing

Redbot Security’s hybrid approach to web application penetration testing and mobile application penetration testing sources industry-leading frameworks and combines senior-level talent with over 20 years of experience

Red Team

Our Red Team Security Exercise is designed as real-world simulated attacks focusing on your Company’s ability to identify, track, disconnect, and clean up a potential or actualized breach by a malicious actor.

Wireless Penetration Testing

Wireless Network Penetration Testing is a proactive step your company can take to ensure the security of your wireless networks. Redbot Security provides the industry’s most comprehensive onsite wireless security testing.

OT Network (ICS/SCADA) Testing

Redbot Security provides an outside-in approach to offer a holistic testing for ICS/SCADA and recommendation methodology that aligns to the defined scope and expectational needs of the Company.

Cloud Security

Redbot Security’s Cloud Security Review focuses on private and public architecture, policies, and permissions in production and development cloud environments for: •Amazon Web Services (AWS) •Google Cloud Platform (GCP) •Microsoft Azure (Azure)