Social Engineering Exercises simulate an external actor from the internet, without any previous knowledge of the infrastructure and/or configuration, that performs targeted phishing attacks (spear-phishing) towards client’s employees. The aim of the exercise is to measure staff awareness (click count on phishing link) and to lure targets into submitting their credentials (credential theft). The approach is goal oriented and aims to demonstrate the maximum impact of a successful attack that could allow a third party to compromise users’ workstations and use them as a gateway to propagate the attack to the internal corporate network.


    Overall, Obrela’s risk assessment service provides organizations with a comprehensive understanding of their security posture and helps them make informed decisions about their security investments. By identifying and mitigating potential risks, organizations can better protect their critical assets and minimize the impact of potential security incidents.


More specifically, the attack scenarios within the context of the SE exercise will evaluate the ability of an external actor to:

  • Obtain unauthorized system or internal network privileges
  • Obtain unauthorized access to sensitive data
  • Modify, corrupt or destroy data
  • Eavesdrop corporate network communications
  • Change or introduce software, malicious or otherwise

    The objective of the SE exercise is (a) to assess client employees’ security awareness level, (b) to assess the effectiveness of the infrastructure defense mechanisms against phishing attacks, and (c) to identify vulnerabilities and/or misconfigurations in the internal network that may allow a successful phishing attack to propagate.


Obrela’s portfolio includes a wide range of Advisory Services, led by a team of highly skilled and certified cybersecurity experts. These services are designed to enhance an organization’s resilience to cyber threats, leveraging our global expertise and a strong focus on business objectives.

Advisory Services


Obrela Security Industries offers a comprehensive risk assessment service as part of its suite of cybersecurity solutions. This service is designed to help organizations identify, analyze, and mitigate potential risks to their information systems, applications, and networks. Obrela’s risk assessment methodology involves a multi-step process that includes:

  • Asset Identification
  • Threat Assessment
  • Vulnerability Assessment
  • Risk Analysis
  • Risk Mitigation
  • Monitoring and Review
Risk Assessment


Obrela’s compliance assessment service is designed to help organizations ensure that they are meeting regulatory requirements and industry standards. The service provides a comprehensive review of an organization’s existing compliance program, policies, procedures, and controls to identify gaps and areas of non-compliance. Obrela’s compliance assessment service covers a wide range of regulatory frameworks and industry standards, including PCI DSS, ISO 27001, HIPAA, GDPR, and others. The assessment process typically includes a review of documentation, interviews with key stakeholders, and testing of controls to evaluate their effectiveness.

Compliance Assessment


With decades of operational excellence, Obrela can leverage its expertise to evaluate and advise clients on their SOC regardless of their maturity, capabilities, or size. During the assessment stage, Obrela examines the current deployment of operations and evaluates it against security and incident management requirements, creating blueprints for improvements where necessary. The artifacts produced provide a roadmap of the required actions that need to be considered for a successful SOC operation model. In this context, the following process and people elements are reviewed:

  • Standards, Procedures & Policy
  • Documentation and Scoping
  • SOC Maturity & Training
  • Use cases & Ticket Workflow
SOC Capability & Maturity Assessment


OBRELA Labs specializes in offensive security and comprises a group of cyber professionals who excel at conducting cutting-edge Red Teaming engagements for our clients. These engagements involve highly sophisticated offensive security exercises that simulate real-world cyber threats and replicate the operational methods of Advanced Persistent Threat (APT) Groups. At its core, Red Teaming exercises assess the effectiveness of the Client’s Blue Team and give invaluable insights into any weak spots that would allow a malicious threat actor to cause significant reputational and material damage to an organization.

Red Teaming is specifically designed to evaluate the efficacy of an organization’s defenses against sophisticated cyber attacks by assessing the people, processes, and technology involved. Unlike traditional penetration testing, Red Teaming spans multiple domains such as physical, social, networks, and applications, utilizing a range of Tactics, Techniques, and Procedures (TTPs) to determine how well an organization’s security operations can cope with a cyber threat.

Red Teaming


Today’s networks and systems are an order of magnitude more complex than they were even a few years ago, which means that defending them has become non-trivial. Even the best-resourced organizations can’t see or anticipate every vulnerability. Penetration tests give clients a wealth of insights into where weaknesses lie, allowing fixes and countermeasures to be put in place before real attackers discover and exploit them. The test report delivered at the end of this process provides a critical baseline for the management of risk, including which fixes should be given a high priority. This helps organizations understand how they should plan security investments going forward.

OBRELA Labs, our specialized offensive Team, has a proven track record among customers with complex environments such as, but not limited to, financial services and banking, telecommunication providers, maritime (shore and vessel), healthcare, critical infrastructure, online retailers, insurance. Our penetration tests are carefully tailored to simulate scenarios that assume different attacker’s standpoints and levels of knowledge regarding the target

Penetration Testing


Provide a holistic array of assessment services on the organization’s security layers across Systems, Cloud Providers, Networks, Applications. It identifies gaps in the architecture security design, audit and log readiness, policies and controls that might put the organization’s critical assets at risk.

  • Security Architecture Design Review
  • Cloud Audit Assessment
Security Architecture Review



    Turnkey threat detection and response service that helps our clients manage operational risk and significantly reduce the mean time to detect and respond to cyberattacks.

    Learn More

    MRC Services offer an umbrella of solutions that enable clients to effectively manage and orchestrate various aspects of cybersecurity such as governance, risk, compliance, and operations. Our comprehensive approach streamlines these diverse facets of cybersecurity, providing clients with a cohesive and integrated security solution.

    Learn More

    Obrela offers a suite of managed security services that are designed to help organizations strengthen their cybersecurity posture. These services include Managed NG Firewall, Managed WAF, Managed Database Protection and Audit Control, Managed Identity Access, and Security Design and Integration Services. With a focus on comprehensive protection and scalability,

    Learn More


Contact Us to discuss how Social Engineering is applicable to your business

Contact Us