Going much beyond the usual network and web application hacking, attackers have started investing their time, money and effort in an easier and higher yield target. This target is the abuse of trust a human places on their environment. Attackers have started exploiting the trust we place in each other and the systems we use.

Read about our recent case study which combines below attacks.

We offer services which replicate real-world exploitation of the human mind. Some popular attacks we replicate are:

Phishing:
Phishing is used by attackers to obtain the confidential passwords of your employees. Maybe their bank account or company internal account or even their social site accounts. People generally tend to keep the same password for different accounts –as it’s easier to remember. We test your employees’ ability to identify a real email or website from a fake one

Social Engineering:
Man is a social being. And as such, it is his tendency to try and help others in need. However, do we know when are we being polite and when we cross-over to revealing too much information about the organization. Social Engineering attacks can have varied consequences. People can be ‘forced’ or ‘pleaded’ to reveal their passwords or sensitive internal organization. Your employees may not realize that they are revealing too much information. They’re just trying to be helpful. We help you make your employees understand how a real world attack takes place, and in which situations they can be deceived into revealing information they would normally not reveal. Other attacks include Baiting, Dumpster Diving, as well as social engineering your call center into revealing far more than was intended.

Social Networking:
With the internet taking over the global communication space, everyone likes to be connected to their family, friends and colleagues. Online chats, innocent disclosures about work place issues are common talk. But can you identify a real friend from a malicious user who fakes other people’s profiles. Via Social Networks like Linkedin, Facebook and Orkut we try to gain your employees’ trust. Once their trust is gained, people are more than willing to discuss about sensitive information.

Client-side Attacks:
Everyday employees receive attachments in their email in the form or PDFs, Office formats such as Microsoft Word, Excel, PowerPoint, etc. Attackers use this knowledge to penetrate your network. These documents can be back-doored in way such that on opening them, they call back the attacker. Can your firewall stop these call-backs? Does your anti-virus detect such malicious documents? We simulate such attacks, so that you can test if your Anti-virus and Firewall still protect your? Are your employees aware that it’s possible to backdoor their work environment?