HOW DO WE TEST?
WITH THE IMPLEMENTATION OF...

"Simulative Dynamic Heist Evaluational Methods"


Covert Methods of Entry


The Mimic Corps Ops Team are experts in "non-destructive" entry, a category of breaching (a.k.a. clandestine breaching, stealth entry, surreptitious entry) that allows operators to enter a locked structure, office, vault/safe, container, environment, etc., leaving no trace that an entry was ever conducted. There is no damage or evidence left behind. It is accomplished by employing techniques that fall under several specialized categories, such as lock picking, lock circumvention, lock bypass, emulation, copying and/or other advanced surreptitious "Covert Methods of Entry" (C.M.O.E.).

Social Engineering Stress Testing


Emulates the approach methods and techniques that criminal and non-criminal intruders use to trick employees, management and owners into divulging critical information, effectively enabling breaches of security systems and protocols. Social engineering stress testing helps evaluate your employees' security alertness and level of adherence to security Standard Operating Procedures and protocols, often under the pressure of intimidation, urgency or sociological conformance.

Social engineering stress testing is available as part of a well-rounded and fully comprehensive penetration evaluation or as an entirely separate service.


Social Engineering Stress Testing Methods and Techniques Applied at Mimic Corps

Emulation examples of criminal exploitation methods and techniques include, but are not limited to:

• Authority Exploitation
   Visually and sociologically mimicking a person of authority (for example, police or security supervisory personnel, internal executive management, or the company's CEO themselves) for the purpose of pressuring your staff at all levels into carrying out the requested actions.

• Intimidation Exploitation
   Causing subtle elevations in physiological conditions such as heart rate and respiratory rate, ultimately making it possible to exploit the emotional instability caused by stress, for example by suggesting or threatening severe consequences if certain actions are not performed according to specific demands (for example, a management reprimand). The resulting factor is Standard Operating Procedure non-compliance and decision-making inefficiencies.

• Sociological Exploitation
   Using cultural acceptance and non-acceptance pressuring techniques, for example socially implying that a requested action is what is considered correct, intelligent, law-abiding, rule-following, "what good people do". Using social dynamic intricacies such as personal beliefs (including but not limited to predictable political, social or religious conformities) that can be exploited.

• Scarcity & Unavailability Exploitation
   Making a time, or a specific segment of time, a very limited offer, causing a subconscious emotional desire to accept.

• Abrupt Energetic Urgency Exploitation
   Creating an immediate high-energy action to make your employees act without processing the proper Standard Operating Procedures.

• Subconscious Association & Familiarity Exploitation
   Using special-effects methods for the purpose of impersonating personnel your staff subconsciously recognizes, ultimately resulting in a breach of security safeguards.


Black Vault


Operations are conducted in lifelike dynamic conditions, with strictly limited knowledge of your network and no information on the security policies, site security operational methods, network structure, software, or network and physical security protection used.

Gray Vault


We examine your security system with some information on your physical security protocol and cyber and network security, such as user login details, architecture diagrams or a network overview, and physical security equipment model information for bypass weakness evaluations.

White Vault


We identify potential points of weakness by using full-access physical security entry credentials and cyber admin rights, as well as access to server configuration files, database encryption principles, and source code and architecture documentation. This is the full "keys to the shop" approach.



  • Conducting specifically timed physical, personal interactions.

  • Creating a story for the attack that is easy to buy into.

  • Sending real emails and text/SMS messages, and making real phone calls.

"Real-World Realism"
It is difficult to create lifelike test conditions to see how employees will respond to malicious psychological manipulation.

The Mimic Corps Solution
"We take great effort in ensuring that all personnel and staff are unaware of testing, allowing employees and personnel to be properly tested in a real-world dynamic environment for the covert retrieval of information about the company, the site, the security procedures/protocols and target employee(s)."


Mimic Corps social engineering stress testing attacks include (but are not limited to):

01 Phishing

Specifically designed malicious emails sent to multiple employees for the purpose of gathering sensitive information, credentials, important data, etc.

02 Spear phishing

Specifically designed malicious emails sent to specific employees responsible for high-level decisions, for the purpose of gathering sensitive information, credentials, access codes, important data, etc.

03 Vishing

Manipulative phone calls, specifically scripted and rehearsed, made to multiple employees for the purpose of gathering sensitive information, credentials, important data, etc.

04 Smishing

Manipulative and malicious mobile text messages specifically designed to be sent to multiple employees for the purpose of gathering sensitive information, credentials, important data, etc.

Examples we use:

• Emails with malicious URLs and underlying attacks, to check if the user(s) opened them, when and how often.

• Emails with fake invitations, including login and credential request forms, to check if the user filled them in and submitted them, when and how often.

• Emails with pre-embedded executable files, for the purpose of checking whether the user downloads and/or installs the attack, including the number of downloads and installs performed by each user.
