Penetration testing (pen-test) is an authorized, simulated cyber-attack against a company’s assets. The purpose of a pen-test is to evaluate the comprehensive security of a system by identifying opportunities for unauthorized access and demonstrating the impact of exploitation. The primary goal of a pen-test is a list of remediations/countermeasures to reduce security risk to the system.
AlphaONE provides white/black/gray box penetration testing in addition to red/blue/purple team engagements.
Our Social Engineering Penetration Test begins with an Open Source Intelligence (OSINT) investigation. Your company and high value internal personnel are the focus of investigation. We collect data from publicly available sources. Such as social media platforms, interest and hobby sites. As well as, public records and various online databases. Our goal is to find information that would enable an attacker to perform targeted attacks against your employees. This may result in information that could give an attacker access to your facilities, accounts, or other sensitive information.
Using this information, we tailor attacks known as “spear phishing” and “spear vishing” specific to chosen individuals. The goal is to show how an attacker can start with freely available online information and leverage that into possible personnel or data compromise within an organization.