Since the original conceptualization of computer security, and perhaps even before, social engineering has been in existence. One could say that social engineering began when societies began, whether it was realized or not. Hackers are always looking to attack the weakest link in your organization in order to gain access and social engineering is one of the oldest, but most successful attack vector taking advantage of the "human factor".
In Section9labs, we are constantly researching into the latest attacks reaching our customers and their employees and thinking ahead of the game developing our own tools to mimick those attacks in order to be able to create scenarios as real as possible to test, educate and even improve the security around social engineering attacks within our clients.
This service is custom build based on the needs and requests from each customer. Having said that we do offer a list of basic attacks that are commonly known and well used by malicius individuals, corporations, and criminal organizations.
Having said this, we still organize ourselves around the following high-level testing phases, but as was abovementioned, always working hard to research and bring a perspective that could help the organizations identify real risks.
This process start by gathering any and all information about the corporate network and any other relevant data. In order to properly win you always need to know your oponenent. In these case it is key that good information gathering is performed in order to know who, how and what to attack. These phase is the responsible for creating a scope, if it was not provided by the customer, investigate which properties the company in question owns and are currently connected to the internet, etc.
Using automated, manual and custom build tools and scripts, consultants run multiple set of scans in order to detect possible vulnerabilities. While running these scanners, manual testing is also performed in order to detect issues, that due to complexity or sensitivity could only be tested manually in order to further detect vulnerabilities.
Unlike a vulnerability scan, once we found a vulnerability, the consultants will try to safely exploit and test the vulnerability on each of the detected systems in order to further and more properly assess the severity of the vulnerability and also to allow him/her to continue with the exercise as we will dicuss on the next phase.
Once we are able to sucessfully exploit vulnerabilities, it is time to assess what damage a real attacker would be able to cause using these vulnerabilities and how deep he could go into the corporate environment. This does not only allows yout detect the real thread of a vulnerability, but also allows the penetration testers to possibly find even more vulnerabilities that could not haven been discovered.