480 targets · 12% credential submission · security-awareness gap
What is Social Engineering?
Social engineering and phishing testing is a controlled, consent-based assessment in which ethical operators impersonate trusted parties to measure how your people, processes, and email defenses respond to deception - across phishing emails, voice calls (vishing), SMS (smishing), and in-person or pretext scenarios. CyberXplore designs senior-led, manually crafted campaigns that mirror current attacker tradecraft - credential-harvesting lures, malicious attachments, and benign payload delivery - to safely quantify click rates, credential submission, and reporting behavior. Every engagement turns measured human risk into prioritized awareness, process, and technical-control recommendations rather than blame.
MITRE ATT&CK · OWASP · NIST SP 800-115 · PTES
Why CyberXplore
Senior-only testers (OSCP, CRTP, CREST)
ISO 27001 & ISO 9001 certified
Free retest + attestation letter
Tailored scope and quote in 24 hours
Why it matters
The human element factors into the vast majority of breaches - a single convincing phishing email can hand attackers valid credentials and bypass millions spent on perimeter controls.
Generic, off-the-shelf phishing simulations rarely reflect targeted attacker tradecraft; measuring susceptibility against realistic, manually crafted lures is the only way to know your true exposure.
Awareness training without measurement is a guess - baseline and repeat campaigns prove whether behavior, reporting rates, and time-to-report are actually improving.
Email gateways, MFA, and EDR can all be defeated by a well-built pretext; testing the human layer validates that your technical controls and incident response work together under real pressure.
Aligned with industry standards: MITRE ATT&CK · OWASP · NIST SP 800-115 · PTES
Our methodology
01. Scoping & Authorization
We agree objectives, target groups, channels (email, voice, SMS, physical), no-go areas, and a clear rules-of-engagement and authorization document - protecting both your staff and our operators.
02. OSINT & Pretext Development
Using open-source intelligence on your brand, suppliers, and people, we build believable pretexts and themed scenarios - from IT password resets to invoice and HR lures - tuned to your sector.
03. Campaign Build & Infrastructure
We register look-alike domains, configure tracked landing pages and credential-harvesting simulations, and prepare benign, instrumented payloads or attachments that record interaction without causing harm.
04. Controlled Delivery
We launch phishing, vishing, or smishing campaigns in measured waves, monitoring delivery, clicks, credential submission, and any data captured - while honoring stop conditions and safe-handling rules.
05. Measurement & Analysis
We analyze the funnel - delivered, opened, clicked, submitted, reported - segment results by department and role, and identify the gaps in awareness, process, and email defenses behind each outcome.
06. Reporting & Awareness Uplift
You receive blame-free metrics, trends against any baseline, and concrete recommendations for training, reporting workflows, and technical controls, plus an optional debrief for security and leadership teams.
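The funnel analysis in step 05 is easy to get wrong (the denominator matters, and a user who submits credentials and then reports still counts as a report). The following is an added example, not CyberXplore's own tooling, that computes funnel rates, a per-department breakdown, and median time-to-report from a constructed set of per-target records; the record fields and department names are assumptions.

```python
from dataclasses import dataclass
from statistics import median
from typing import Optional

# Constructed sample: one record per simulated target (not real campaign data).
# report_min is minutes from delivery until the user pressed the report button.
@dataclass
class Target:
    dept: str
    delivered: bool
    opened: bool
    clicked: bool
    submitted: bool
    report_min: Optional[int]

SAMPLE = [
    Target("Finance", True, True, True, True, None),
    Target("Finance", True, True, True, False, 42),
    Target("Finance", True, True, False, False, 9),
    Target("Finance", False, False, False, False, None),  # blocked by gateway
    Target("IT", True, True, False, False, 3),
    Target("IT", True, False, False, False, None),
    Target("IT", True, True, True, False, 15),
    Target("HR", True, True, True, True, None),
    Target("HR", True, True, True, True, 60),  # submitted, then reported
    Target("HR", True, True, False, False, None),
]

def funnel(targets):
    """Funnel counts and rates; rates use delivered (not targeted) as denominator."""
    d = sum(t.delivered for t in targets)
    counts = {
        "delivered": d,
        "opened": sum(t.opened for t in targets),
        "clicked": sum(t.clicked for t in targets),
        "submitted": sum(t.submitted for t in targets),
        "reported": sum(t.report_min is not None for t in targets),
    }
    rates = {k: round(v / d, 3) if d else 0.0 for k, v in counts.items()}
    times = [t.report_min for t in targets if t.report_min is not None]
    return {"targets": len(targets), "counts": counts, "rates": rates,
            "median_report_min": median(times) if times else None}

def by_department(targets):
    """Same funnel, segmented by department."""
    return {dp: funnel([t for t in targets if t.dept == dp])
            for dp in sorted({t.dept for t in targets})}

def riskiest(targets):
    """Departments ranked by credential-submission rate, highest first."""
    seg = by_department(targets)
    return sorted(seg, key=lambda dp: seg[dp]["rates"]["submitted"], reverse=True)

if __name__ == "__main__":
    print(funnel(SAMPLE)); print(riskiest(SAMPLE))
```

Comparing the same metrics against a baseline run is a matter of calling `funnel()` on both datasets; the blocked message shows why delivery rather than target count should be the denominator.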
What we test
Email phishing campaigns (bulk, targeted, and spear-phishing pretexts)
Credential-harvesting simulation via tracked look-alike landing pages
Vishing (voice/phone-based pretexting and helpdesk impersonation)
Smishing (SMS-based lures and one-time-code interception scenarios)
Pretexting and business-email-compromise (BEC) style scenarios
Benign payload and attachment delivery (macro/link/QR-code instrumentation)
MFA-fatigue and real-time relay phishing scenarios (where authorized)
Email gateway, filtering, and reporting-button effectiveness checks
Physical or on-site pretext and tailgating scenarios (optional)
Department- and role-based susceptibility segmentation
What you get
Executive summary with overall human-risk rating and key metrics
Campaign funnel metrics: delivery, open, click, credential-submission, and report rates
Department- and role-level breakdown with trends against any baseline
Analysis of which pretexts succeeded and the technical and process gaps behind them
Prioritized recommendations for awareness training, reporting workflows, and email controls
Anonymized, blame-free findings suitable for staff communication and board reporting
Optional debrief session and attestation letter for auditors and customers
Sample deliverable
What you'll see in your report
Every engagement ends with a clear, prioritized report: severity-rated findings with CVSS scores, affected assets, and remediation status - plus a free retest. The figures below are illustrative.
Findings by severity (12 total): Critical 2 · High 6 · Medium 3 · Low 1
Critical · CVSS 9.6 · CX-1220
Full domain compromise (Domain Admin obtained)
MITRE T1003 · CORP domain · Open
Critical · CVSS 9.0 · CX-1214
EDR bypass - payload executed, no alert raised
MITRE T1562 · ws-022.corp.local · Open
High · CVSS 8.0 · CX-1202
Spear-phishing → initial access (38% click rate)
MITRE T1566 · 24 of 63 employees · Open
Illustrative red team assessment sample - anonymized to example.com.
Want the full anonymized sample report? We'll include it with your quote.
“As an early-stage team we needed real depth, not a checkbox scan. They hardened our LLM product and walked us through every fix.”
Hardened in 30 days
FC, Founder & CTO · Early-stage AI startup · Seed · LLM product · AI / ML
Certifications held by our testers
OSCP
CRTP
CREST
CEH
eWPTX
ISO 27001
ISO 9001
Frequently asked questions
Yes. Every campaign is fully authorized, scoped, and bound by rules of engagement. We use benign, instrumented payloads, never expose real data, and report results in an anonymized, blame-free way focused on improving defenses rather than punishing individuals.