Social Engineering

Your people are your perimeter. We test whether they're your weakest link — before adversaries find out.

The Human Layer

Technology alone cannot protect an organisation. The most sophisticated firewall in the world will not stop an employee who clicks a link, opens a door, or picks up a phone. Social engineering tests the layer that security tools cannot fully address: human behaviour.

Our social engineering campaigns replicate the tactics used by real threat actors — from nation-state APT groups to financially motivated criminals. We use OSINT to build targeted pretexts that are highly believable and contextually appropriate.

All campaigns are conducted within agreed rules of engagement. We never store real credentials, and all captured data is destroyed at engagement close.

Campaign Structure

From Recon to Reporting

01. Target Profiling & Pretext Development

We research your organisation, key personnel, and corporate culture using OSINT. We craft believable pretexts tailored to your sector — supplier invoices, IT support requests, HR communications.

02. Campaign Design & Infrastructure Setup

We build the infrastructure — phishing domains, lookalike pages, caller ID spoofing, and SMS gateways. Every campaign is designed to mirror real adversary tactics.

03. Execution & Data Collection

Campaigns are executed according to agreed rules of engagement. We track opens, clicks, credential submissions, and callback rates — without storing real credentials.

04. Analysis & Awareness Recommendations

We analyse results by department, role, and campaign type. You receive a full picture of your human attack surface and targeted recommendations for awareness training.

Attack Vectors

Every Angle, Tested

From targeted spear-phishing to physical intrusion, we test every vector that a real adversary would exploit against your people.

  • Spear-phishing campaigns
  • Vishing (voice phishing)
  • Smishing (SMS phishing)
  • Physical intrusion scenarios
  • Tailgating tests
  • Impersonation exercises
  • USB drop campaigns
  • Pretexting scenarios

Operator Debrief

What the Campaign Reveals

Click & Credential Rates

Detailed breakdown of click-through, credential submission, and reporting rates by department, role, and campaign type.

Employee Awareness Assessment

Heatmap of your human attack surface — which teams are most susceptible and to which vectors.

Campaign Report

Full documentation of campaign design, execution, infrastructure used, and individual interaction logs.

Awareness Training Recommendations

Tailored training recommendations based on real observed behaviour — not generic security awareness content.

Policy Gap Analysis

Review of your security policies against what we observed — identifying gaps in acceptable use, reporting, and verification procedures.

Get Started

Test your human perimeter.

Find out how your people respond under realistic adversary pressure — before attackers discover the answer first.