Penetration Testing

Social Engineering and Red Team Testing

Social engineering is used for a broad range of malicious activities accomplished through human interactions. Employees can facilitate attacks if not tested and trained to spot incidents even with the best technical control measures.

Contact
Contact

Get in touch

Thank you! Your submission has been received!
Oops! Something went wrong while submitting the form.

Social Engineering and Red Team Testing

Regular phishing emails are common within workplaces to try and keep staff aware of threats. However, they are not only one part of the solution. Successful social engineering attempts are one of the most common methods attackers use to achieve system compromise. There are a variety of common vectors, including email and voice calls.

North Stars Red Team is well trained and proficient at imitating real-life threats and can help identify weaknesses, whether in employee training or technical controls. An advanced social engineering exercise allows you to assess the maturity of the security of your business.

Social Engineering and Red Team Testing
APproach

What we do

Testing can include but is not limited to:

Phishing - One we are all familiar with, these are email-based solicitations designed to lure a person into doing something for an attacker. For example, installing a remote agent. More targeted forms of this attack are spear-phishing and often utilised as a part of an advanced social engineering engagement.

Vishing - This is the voice variant of phishing and takes place over the phone. When was the last time this was tested on your organisation? Often employees are aware of Phishing emails, but could they be susceptible to someone imitating a member of the IT department or a third party requesting they install updates?

Tailgating - Tailgating is one of the most common types of physical social engineering. Physical social engineering often intends to introduce something malicious into a building. Tailgating is the act of waiting for an authorised person to access a restricted area and following them to gain unauthorised access.

Features

Features of this service

Slider Arrow LeftSlider Arrow Right

Real-world threats

Organisations often spend a lot on technical controls and defending the external infrastructure. However, social engineering can instantly unlock these defences. An Advanced Social Engineering Exercise can identify these specific vulnerabilities. Furthermore, it can help you understand the likely impact of a successful social engineering attack and understand what people, departments and processes are currently working well.

Awareness

Your employees are more likely to take security recommendations seriously if they experience social engineering attacks first-hand. It also helps you identify specific areas of weakness and prioritise your response accordingly.

Robust approach

A social engineering assessment helps you prioritise targeted network security solutions. It also provides detailed reports and recommendations for increased cyber security, including network segmentation, security solutions and improving your incident response procedure.

Cost-effective

It's better to prevent a cyber attack than deal with its consequences. Unfortunately, some of the biggest hacks in the world have been down to social engineering attacks and often lead to business financial and reputational damage.

Latest tactics

North Star takes advantage of the latest trends to infiltrate your organisation's network, and it's forever changing. Without social engineering assessment, you'd have difficulty keeping up with all these changes. So instead, North Star works with you to construct multiple scenarios and threat pretexts, then create solutions customised to your organisation.

Weaknesses

As with more traditional types of security assessment, the benefit of social engineering is that it enables you to safely identify potential social weaknesses in your security posture and address those weaknesses before real attackers exploit them.

Methodology

How we work

1
Contact

Get in touch and speak with one of the team.

2
Strategy

Strategic scoping call with our leading technical advisor to find out your exact requirements

3
RoadmaP

Tailor a roadmap to exactly what you need. We look to partner with our clients and be the trusted advisor they need

4
Onboarding

Our onboarding process is streamlined and smooth to ensue there is little to no disruption to your service

5
Continuous service

Your continuous security plan will give you the confidence in your security trusting an accredited professional partner is on hand 24/7

APproach

How we do it

Pre-Engagement

North Star will engage with the client to determine their requirements and ensure that the engagement is correctly scoped to deliver on those requirements and make sure all of the correct legal requirements are satisfied.

1
Pre-Engagement

North Star will engage with the client to determine their requirements and ensure that the engagement is correctly scoped to deliver on those requirements and make sure all of the correct legal requirements are satisfied

1
Reconnaissance

This phase helps obtain information about available services, potential versions of the services and get a general understanding of the environment that will be tested

1
Threat Modelling

Using all of the information gathered in the reconnaissance phase, North Star will determine where the potential risk of exploitation lies and create a plan to verify those findings

1
Exploitation

During this phase, and as agreed with the client in the pre-engagement phase North Star will attempt to exploit any vulnerabilities or misconfigurations identified in the previous phases to confirm that the risk exists

1
Post-Exploitation

Depending on the agreed approach for exploitation, North Star may also attempt to gain further access from the compromised host(s) further into the client’s network or attempt to obtain sensitive information

1
Reporting

As with all of North Star services, we will provide detailed expert advice in our report to help align your infrastructure with industry best practice security standards

1
Clean-up

As far as is possible, the systems tested will be returned to their pre-test state to remove any uploaded files or elevated accounts that were created

1
CUSTOMERS

Our Happy Customers

Phone And Credit Card

From a business perspective, North Star provide an efficient, thorough, and cost-effective security service which has benefitted thinkmoney considerably over the course of the last year.

Glenn Sproule
CISO thinkmoney
thinkmoney

From a business perspective, North Star provide an efficient, thorough, and cost-effective security service which has benefitted thinkmoney considerably over the course of the last year.

Glenn Sproule
CISO, thinkmoney
SSE Utilities Solutions

Their knowledge in the subject matter was excellent and I found them easy to engage, personable and approachable.

Ian Cheshire
Enterprise IT Lead Solution Architect, SSE Utilities Solutions
Connected Tech Group

It’s really refreshing to work with experts who act as an extension of our team. North Star don’t stop at identifying issues, they are happy to work with us to solve them too.

Andrew Cockayne
CEO, Connected Tech Group
Pickfords

If you are looking for a company to really deliver on the service they are offering, I would look no further. Very quick and easy process. They completed the report within a tight timeframe and offered plenty of helpful advice!

Waseem Akram
Group IT Manager, Pickfords

Let's talk

We’re here to help! Submit your information or call the office on +44 (0)1243 670 854 and a member of our team would be happy to help.

Who is North Star?
How can we support your business?
Why work with us?

Send us a message

Thank you! Your submission has been received!
Oops! Something went wrong while submitting the form.
Email Icon
Contact

Contact us

Please get in touch using the form below
Thank you! Your submission has been received!
Oops! Something went wrong while submitting the form.