Level 2 – Advanced Phishing Penetration Test
The Advanced Phishing Penetration Test assesses the performance of your security stack at the desktop/server level and across the inbound and outbound points of your network. These technologies include file extension handling, port filtering, MIMES, Type Checking, Anti-Virus, Application Whitelisting, and Proxy Filtering.
The Advanced Phishing Penetration Test has 3 discrete phases:
Phase 1- Mail Gateway Assessment
We will send customised non-malicious packages to a dedicated email address within your organisation. Using different file extensions and techniques, the packages will attempt to bypass your mail gateway restrictions to assess the anti-virus, anti-spam, content filtering and file filtering restrictions.
Phase 2- SOE Assessment
Using your standardised pre-built SOE hosts and the successfully injected packages, we will then execute the packages that circumvented existing controls. This will test the SOE’s controls, antivirus, and application defences. The packages that were successfully executed will be used as an input for the final phase of the audit.
Phase 3- Egress Filtering
At this stage we will identify the executed packages that were able to connect to our central Command and Control centre. The aim is to test the outbound infrastructure (firewall rule sets, proxies, SIEM and Analytics platforms, and outbound antivirus systems) against external Malware connections.
Contact us for pricing >>