Skip to content

Ember Lake’s approach to penetration testing and vulnerability assessments are based upon guidance outlined within NIST SP 800-53 and industry-backed best practice. Years of fine-tuning results in an all-encompassing approach to identify vulnerabilities and misconfigurations affecting external and internal network devices.

Social Engineering Assessments examine the current state of cybersecurity awareness within an organisation. Each assessment is tailored to the client’s industry and geographic footprint. Scenarios have been fine-tuned after years of experience and analysis of cybersecurity trend, resulting in “true to life” scenarios end users face daily. Examples of our social engineering assessment may include: 

Phishing & Fake Website 

Leveraging open-source intelligence to gather a target list of email addresses, we will create a phishing campaign, along with a custom website, to enticing users to follow an embedded link. This website will capture credentials, simulating an advanced phishing attack. Scenarios include, but are not limited to:

  • Website impersonation
  • Vendor relations
  • Office personnel attacks

Phone Phishing (Vishing)

Vishing takes advantage of impersonating a trusted or known individual and attempt extraction of sensitive information over the phone. This vector can be coupled with a fake website for more advanced scenarios.

USB Drop Attacks 

Placing malicious USB drives in highly trafficked areas targets users who may be prone to introducing malware to the network. Once connected, these USBs contain a custom payload that gathers information used to identify the host and, if deemed in scope, provide remote access. 

Malicious Email Attachments

We will create an innocuous attachment that contains a hidden and customised payload. Under normal scenarios, this payload gathers information used to identify the host and, if deemed in scope, provide remote access. 

Contact us today to speak with one of our cyber professionals to see how Ember Lake can help.