Phishing Exercises

Tailor-made social engineering exercises focusing on different organizational divisions, always ensuring that executive, mid-level and technical departments all gain useful insights.

Scoping

During this phase, an operational environment is discussed and established with the help of written/verbal communication & scoping questionnaires, defining:

  • Exercise objectives
  • Which employees/departments of the organization shall be targeted and which are excluded
  • Allowed types of attacks (client-side exploitation, clickjacking, information stealing)
  • Testing period and timezones
  • Means of communication

Reconnaissance

Open Source Intelligence (OSINT) techniques are used in combination with neutral observation actions in order to collect as much information as possible regarding the targets to be tested. The more information is gathered, the more attack vectors can be crafted. The intelligence gathered can be of the following types:

  • Leaked artifacts
  • Forum and social media posts
  • Relation with other companies/partners/providers

Attack Scenarios Crafting

Based on the information gained from the previous steps, the phishing payloads are crafted, targeting specific employees and combining real facts regarding each target in order to be as realistic as possible. Apart from the social content, each payload includes a type of attack, such as client-side exploits, clickjacking, cookie stealing or another information-stealing attack.


Execution

The core phase of the phishing exercise starts here, with carefully crafted emails, spoofed web pages, documents, videos, and other physical or intelligent digital artifacts that simulate a credential, session or other type of information-stealing action.


Reporting

When the phishing campaign completes, a risk-based report is generated including an executive and technical report, success ratio and mitigation recommendations.


Awareness Training

SpearIT can additionally offer training services for your personnel, in order to establish or maximize the already established security awareness within the team. The training can either target specific employees/departments or be offered in a more systematic way to your internal compliance officer/security department in order to integrate awareness into your organization's security policy.


Frequently Asked Questions

Services

Cybersecurity Testing & Assurance Services

Independent technical evaluations — from penetration testing and phishing simulations to full red-team exercises — to validate resilience and build confidence in your defenses.

Risk-Based Vulnerabilities Management (RBVM)

We help organizations move beyond patch lists by prioritizing vulnerabilities according to exploitability, business impact, and regulatory requirements. This ensures remediation efforts focus on the issues that truly reduce risk and strengthen resilience.

Red Teaming

Simulating the tactics, techniques, and procedures (TTPs) of real-world adversaries, we evaluate end-to-end how well your organization’s people, processes, and technologies detect, respond to, and recover from a realistic attack.
