Why Social Engineering Testing?
Social engineering, in the context of information security, is understood to mean the art of manipulating people into performing actions or divulging confidential information.
Compliance regulations may require regular social engineering audits
Customers may require proof of regular social engineering audits
Proactive security investment instead of reactive repair costs
Avoid legal action and reputational damage following a breach
Service description
During a Social Engineering Audit, we can perform tests electronically (computer based). We gather a lot of open-source information prior to any engagement through online information gathering. We will then send a combination of phishing and spear phishing emails to company staff and record clicks on links, opened attachments and other actions users may perform.
Tests performed
Our testing methodologies are aligned with the NIST and SANS frameworks. We can customize our phishing and spear phishing drills to include the following options. Sending a generic phishing email to all staff which may seem to come from a news outlet. Dedicated spear phishing attempts with calls to action such as a seemingly email from a director to an employee. These services can be combined with client-side exploitation attempts whereby a user machine is compromised when a PDF file is viewed for example.
Deliverables
Full report on all phishing attempt and actions taken by users
Recommendations for companies
Secure report delivery by encrypted email
Flexible Options
Basic phishing
Spear phishing
Advanced spear phishing in conjunction with client-side exploitation
Packages for recurring and continuous automated testing available
Fine grained scoping and testing only during agreed schedule
Why Bongo Security
Consultants with 10+ years of ethical hacking experience
Consultants certified to highest levels such as OSCP, OSCE, OSWE, GIAC
Experience across all industry and government sectors
We are an independent third party concerned with finding & fixing flaws
No conflict of interest. We are not embedded with HW/SW vendors
Dedicated Red Team approach with specialists in all technologies
Leveraging Bug Bounty Expertise
Many of our consultants are actively engaged in public and private bug bounty programs for brands like Amazon, Twitter, Facebook, Google, Uber, LinkedIn, the U.S. Department of Defense and others. These are often seasoned and extremely hardened systems and applications, yet our consultants discover and report high impact flaws in these companies on a regular basis. We are leveraging our bug bounty expertise on hardened systems and applications in our Penetration Testing methodology.
As of April 2022, one of our founders who goes by the nickname of “bongo” managed to achieve 1st. rank amongst hundreds of security researches on Bug Bounty Hunter. Bug Bounty Hunter is a sophisticated modern web application with all kinds of vulnerabilities which have been found in real-world application bug hunting.
https://www.bugbountyhunter.com/hunter/bongo
Download Flyer and Sample Reports
1. BONGO-SECURITY-FLYER
2. BONGO-SECURITY-PENETRATION-TESTING-SAMPLE-REPORT
References and Certifications
If you would like to speak to one of our existing customers, we are happy to arrange that. Please note that a lot of customers wish to remain anonymous and not to serve as a reference due to the sensitivity of the work we perform. Naturally we always comply with our customers. We do however have some clients who are happy to serve as references. Should you require validation of our consultant’s certifications, we can arrange that as well.