Phishing Engagements
Phishing engagements serve to assess both the technical and social controls associated with malicious code execution delivered through email. These engagements can take the form of independent campaigns or be part of our phishing maturity assessment. Independent campaigns employ high-complexity phishing templates custom-developed for your organization, allowing for testing click rates and/or payload execution. These campaigns can serve as a one-time validation of defensive capabilities or be scheduled for regular repeat testing, such as monthly or quarterly.
The phishing maturity assessment, on the other hand, focuses solely on click rates and spans an eight-week period. During this time, 1 to 2 Proof of Concept (PoC) approved phishing campaigns are sent each week, with the difficulty of detection increasing progressively. The engagement model is designed to initially expose end-users to generic phishing attacks, with the complexity of the campaigns escalating over the weeks to enhance end-user detection and reporting capabilities. Upon request, elements may be added to gamify the reporting of phishing emails, further enhancing end-user interaction.
Vishing Engagement
Vishing, short for "Voice Phishing," is the practice of calling users within an organization with the intent to maliciously extract information or establish a pathway for remote access. Whether conducted independently or bundled with other services, vishing engagements serve to assess user susceptibility and provide a comprehensive evaluation of the overall security posture.
In the context of a remote-only vishing engagement, the process involves a series of steps. First, researchers perform in-depth analysis to construct an organizational profile. This is followed by the identification of end users based on their roles and levels of interaction with external stakeholders. Subsequently, a targeted campaign is executed, comprising 3 to 5 vishing calls. The information gleaned from these calls is carefully collated for reporting purposes. Notably, points of success or failure in the vishing attempts are then identified, flagged, and subjected to detailed analysis and reporting. This meticulous approach ensures a nuanced understanding of the organization's vulnerabilities and strengths in the face of vishing threats.
Physical Security Engagements
Our cybersecurity engagements evaluate both personnel and security measures in place to safeguard organizational assets. Two models, Audits and Operations, support these efforts. The Physical Security Audit (PSA) involves a facility walkthrough with a designated Point of Contact (POC) to assess deployed security measures for accuracy and effectiveness. The audit ensures compliance with Rules of Engagement (RoE) and may validate security measures through coordinated efforts.
The Physical Security Operation (PSO), similar to a Red Team Operation, tests an organization's physical security capabilities and personnel without staff having prior knowledge of the test. This clandestine operation aims to gain internal access, establish a Command & Control (C2) channel, or exfiltrate data. It involves substantial research and legal approvals and carries potential risks; an operation may be declined in situations that endanger personal safety, such as sites with armed guards.
Comprehensive Reporting
Receive detailed reports outlining discovered vulnerabilities, attack vectors, and recommended mitigation strategies. This actionable intelligence empowers you to fortify your defenses and maintain a proactive security posture.