OFFENSIVE SECURITY

Test the Human Layer of Your Defenses

Social engineering and OSINT assessments that reveal how much attackers can learn about your people.

BOOK A FREE ASSESSMENT

HUMAN ATTACK SURFACE

Social engineering and OSINT testing exposes what attackers can learn about your organization — and how far they get by exploiting people rather than systems. CyberHeals delivers phishing, vishing, and pretexting simulations alongside OSINT reconnaissance that maps your digital footprint, the same data an attacker collects before launching a targeted campaign.

FULL-SPECTRUM TESTING

From Phishing to Physical Intrusion

  • Targeted phishing campaigns measuring click and capture rates
  • Vishing and pretexting calls testing staff security protocols
  • OSINT reconnaissance mapping your external digital footprint

Clients Served

100+

PROVEN METHODOLOGY

Recon, Target, Simulate, and Report

  • OSINT phase maps exposed data before any simulation begins
  • Scenarios based on attacker TTPs and social engineering kits
  • Post-campaign debrief with hardening recommendations
Social Eng
OSINT
Target
Craft
Execute
Measure
Report

PROVEN RESULTS

A track record of exposing human-layer vulnerabilities that technology misses — giving organizations data to harden their most exploited attack surface.

01 / EXPOSURE

What Attackers Know About Your People

OSINT reconnaissance reveals credentials, org charts, and email patterns attackers use to craft convincing lures — our assessments surface this first.

100+

CyberHeals has served 100+ clients with social engineering and OSINT assessments across financial services, government, and technology.

10+

Countries active globally

WHY TEAMS CHOOSE US

Built for Human-Layer Testing

Phishing Campaigns

Targeted email campaigns measuring click rates, credential entry, and macro execution.

Vishing & Pretexting

Phone-based social engineering calls testing whether staff follow security protocols.

OSINT Reconnaissance

Open-source profiling of your external digital footprint, exposed data, and personnel details.

Physical Access Testing

On-site intrusion simulations testing physical controls, tailgating, and badge security.

Certified Experts

All engagements led by OSCP and CREST-credentialed practitioners with red team experience.

Actionable Reporting

Reports include click-rate data, OSINT findings, and specific steps your security team can act on.

01 / AWARENESS

Hardening the Human Perimeter

Social engineering assessments are most valuable when they drive improved protocols and training — our debrief and recommendations are built for that.

LASTING SECURITY

From Exposed Footprint to Human Resilience

100+

CyberHeals has run social engineering and OSINT assessments for 100+ clients globally.

FAQ

Frequently asked questions

An engagement includes an OSINT phase to map your digital footprint, followed by simulation activities — phishing campaigns, vishing calls, physical access attempts, or pretexting. The engagement is scoped so your executive team has visibility while the simulation stays covert from employees being tested. All activities operate under a signed rules-of-engagement agreement.
Open Source Intelligence (OSINT) is the collection of publicly available information about your organization — employee names, email patterns, exposed credentials, corporate structure, and technology stack. Attackers use this before launching targeted campaigns. Our assessments surface this exposure so you can reduce your digital footprint and prepare your people.
We use purpose-built phishing infrastructure that does not capture real credentials — employees who click are redirected to a safe landing page. Physical simulations are conducted with security team oversight and defined objectives. All rules of engagement are signed before the simulation begins, including emergency stop procedures and excluded systems or people.
Deliverables include an OSINT findings report showing exposed data and attack surface, a simulation results report with anonymized click and engagement metrics by department or role, and prioritized recommendations covering policy changes, training, and technical controls. A debrief session walks leadership through the findings and answers questions directly.
Engagements are fixed-fee based on the scope and number of employees targeted, the simulation vectors included, and whether an OSINT phase is included. A basic phishing simulation for a mid-sized team can be scoped and quoted within a day. Full adversary-profile OSINT and multi-vector campaigns are scoped via a brief call and proposal.
We need a scoping call, an email list or headcount for the simulated population, any domains or email formats to use, and the name of the internal sponsor who receives results. You do not need to inform the rest of your team — maintaining simulation integrity is standard practice. We issue a proposal and rules-of-engagement document within two business days.

CyberHeals — global cybersecurity in 10+ countries

Ready to test your defenses?
