Resources

Social Engineering

Latest Social Engineering Resources

Social Engineering: 9 Attack Techniques and 6 Defensive Measures

Social engineering is a method used to manipulate people into divulging confidential information, enabling unauthorized access, or deploying malware.

Read more

Social Engineering Attacks: Techniques, Prominent Examples, and Prevention

Social engineering is a tactic used by attackers to manipulate individuals into revealing sensitive information or performing actions that compromise security. By exploiting human psychology, such as trust and urgency,… read more →

Social Engineering Penetration Testing: A Practical Guide

Social engineering penetration testing evaluates how susceptible an organization is to deception-based attacks targeting human vulnerabilities rather than technical systems. By simulating real-world social engineering… read more →

2023 Ransomware Examples

Ransomware has emerged as one of the most common and damaging malware threats in recent years. In fact, the volume and expense of ransomware attacks have caused some insurers to exclude them from cybersecurity coverage.… read more →

Never stop frontin: How to quickly setup a redirector and transparent reverse proxy

Protecting your infrastructure from prying eyes is an important part of landing a phish and maintaining access to a client’s network. The process of setting up redirectors and reverse proxies has traditionally been… read more →

Never had a bad day phishing. How to set up GoPhish to evade security controls.

I’m going to quickly go through the process of setting up GoPhish and show you how we evade defenders to increase the success rate of our phishing campaigns. read more →

Leveraging hijacked Slack sessions on macOS

We are going to dig into Slack workspace compromise to provide additional information and tooling you can use to leverage access. This guidance will build off of “Abusing Slack for Offensive Operations”, a great article… read more →

Pro tips for purchasing and aging phishing domains

Good command-and-control infrastructure requires a known, trusted domain. When you’re first starting out, this can be difficult to find, but luckily other testers have provided many great resources. read more →

Preventing Social Engineering Breaches

It’s pretty common for companies to bundle social engineering into their penetration testing programs. But when the report shows up, you may find you’re surprised and frustrated at the rate of employees clicking links… read more →

3 New Phishing Streams Beyond Email - And How To Safeguard Them

There are cybersecurity phishing streams & threats constantly growing and evolving. Email spam is no longer the front line of the battlefield. Here are 3 new phishing streams beyond email - and how to safeguard them. read more →

Continuous Human & Automated Security

The Expert-Driven Offensive
Security Platform

Continuously monitor your attack surface with advanced change detection. Upon change, testers and systems perform security testing. You are alerted and assisted in remediation efforts all contained in a single security application, the Sprocket Platform.

Watch Demo Request Quote

Expert-Driven Offensive Security Platform

  • Attack Surface Management
  • Continuous Penetration Testing
  • Adversary Simulations