Not a vulnerability scan but real hackers ...

Social Engineering Testing


Evaluate risk, identify breakdowns in protections, and implement remediation strategies
Many organizations go to great lengths to protect their sensitive data with firewalls and access security systems, yet fail to realize that the weakest link in their data defenses is their own people. Social engineering is the most common – and highly successful – tactic used by adversaries to gain unauthorized access to a network. Social engineering is a non-technical attack that tricks unsuspecting employees into breaking normal security procedures and giving network access to attackers.

Overview


We tailor assessments based on the audience, and test that audience using the threats that we can expect them to encounter (malicious invoice/resume, email from a friend/co-worker, etc.). Testing activities remain in a controlled environment, and assessment results provide actionable remediation.
For all social engineering services, we provide a detailed description of the assessment, results, and our recommendations. We also offer an in-depth debriefing to discuss findings and remediation with your stakeholders.
Our social engineering methodology follows these standard phases:

Information Gathering
  • Find out who works for the company, what their jobs are, and the types of email that they receive

  • Identify what companies send the email, and what the email looks like

  • Determine when and why they might receive a particular message

Scenario Preparation
  • Present available scenarios

  • Select scenario for campaign

  • Purchase domains, create accounts, and author emails

  • Set up infrastructure, run tests, and get customer approval

Campaign Execution
  • Launch attack, and monitor responses

  • Update customer, and provide debriefing

Daily Briefings


During the test, we communicate with you daily to let you know who opened the email as well as who clicked on the link or opened the attachment, giving you an opportunity to ask questions or get more information.

Executive and Technical Reports


At the conclusion of the test, Hellfire provides you with two reports: one for executive management so that they can see who is putting the company at risk and one for the IT department, demonstrating the attacks and a record of who fell for what and when.

Types of Tests


Media Drop

Hellfire Security identifies who picks up that USB stick or DVD and connects it to their system.

Phishing Email

Hellfire Security finds who in your firm will open that email, click on that link, complete that form, or download that attachment.

Phone Calls

Hellfire Security finds who in your firm will provide personal or business information over the phone.

Why choose Hellfire as your social engineering test partner


  • Insurance companies, financial institutions, and telecommunications companies are some of the most security conscious companies in the world. They could work with anybody but they choose to work with the best. They choose to work with Hellfire Security.

  • Our team members undergo extensive training, speak at Defcon and Blackhat regularly, and have earned industry certifications, including GXPN, GPEN, GCIA, OSCP, and CISSP.

  • We present several possible scenarios based on pre-existing threats as well as any that might be emerging in the customer's industry.

  • We work with the customer, taking into account any particular concerns they might have regarding those threats, to select the appropriate scenario.

  • Our assessments provide valuable insights into your people and how they respond to suspicious activity. With this insight, you can mitigate the risk your users pose. All of this is provided in an easy-to-understand report that allows you to take immediate action.


Top Ten Network Security Tips


Wondering what the "best practices" are for securing your network? There is a very informative document called "The 60 Minute Network Security Guide" on the National Security Agency Web site (www.nsa.gov). Here's a brief summary ...