Live Hacking

Besides technical security measures, it is essential that your employees possess a high level of security awareness.

Redguard uses live hacking events to reach your employees. They are usually held as a lunchtime event at your premises. During these live hacking events, our security experts demonstrate effectively to the audience how computers, smartphones and other devices can be hacked. They aim to raise awareness and increase the interest among people. A Q&A session is held at the end of the event to address any unanswered questions.

Our live hacking modules

Select any number of modules for live hacking at your premises and raise the awareness of your employees in specific areas.
  • VULNERABLE SMARTPHONES

    Scenario:

    Jonny Odermatt uses his phone for all his online activities. Not just the personal ones, but also for tasks at work. He has won several prizes in a variety of competitions, so he is always on the lookout for new opportunities whenever they arise.

    Attack:

    An attacker has picked Jonny as the target and is aware of his liking of competitions. So he stages a fake competition to seize control of Jonny’s telephone. To do this, he creates a forged invitation with a QR code that needs to be scanned using a smartphone: “Scan the QR code now to enter the draw for a trip round the world.” But the attacker has added malware to the QR code so that he can take control of Jonny’s phone as soon as the scan is complete.

  • EMAIL THREATS

    Scenario:

    Christina Roth is Head of HR in one of the leading metalworking companies. Her company recently advertised an attractive position as Head of Sales, so Christina receives several applications every day that she needs to review and answer.

    Attack:

    An attacker has picked the company as a target, so potential victims that receive a lot of documents by email are extremely popular. Every company has an HR Department that advertises vacancies, so the necessary information is easy to obtain. To mount the attack, the hacker creates a fake CV as a Word file containing macro code, which seizes control of the victim’s client as soon as it is executed.

  • MALWARE BY FLASH DRIVE

    Scenario:

    Johanna Klaus is a receptionist in a leading real estate management firm. Her daily routines include receiving visitors and accompanying them to the agents’ offices. Several visitors drop by every day, so she has to leave her workplace for brief periods from time to time. Although the company has a policy stating that employees must lock their computers when leaving them unattended, Johanna generally leaves her workstation unlocked because she is only gone for a few minutes.

    Attack:

    An attacker notices this pattern and exploits the brief opportunity to take control of Johanna’s computer. The device’s location at Reception increases the exposure, as lots of unfamiliar faces show up there every day and then leave shortly afterwards.

  • USING UNSECURED WI-FI

    Scenario:

    Karin Kurz is CEO of a major international bank with branches all over the world. Karin likes to keep an eye on things and make sure that everything is running smoothly, so she spends a lot of time travelling to the individual branches for inspections. She needs to be available online when travelling as well, so she regularly connects with public Wi-Fi at airports, hotels or on-the-fly, for instance at Starbucks.

    Attack:

    An attacker exploits this situation and creates an access point with a familiar name like StarbucksWi-Fi (deliberately not Starbucks, as devices might otherwise connect automatically) and then collects data as man-in-the-middle.

  • PASSWORDS AS SECURITY RISKS

    Scenario:

    Peter Schuster is a family man and Technical Director of a Swiss SME. He has acquired computer skills at work, which he also likes to use in his personal life. So he is registered on a variety of portals. But unfortunately he uses the same combination of user name and password for all these portals. More recently there have been increasing numbers of cases in which the user names and passwords for this kind of portal have been published in an encrypted form.

    Attack:

    An attacker has downloaded the published list with all the passwords. He uses the list and a password cracker to obtain the correct codes.

  • SMART HOME – SMART ATTACK

    Scenario:

    Security cameras are connected to wireless switches because the staff does not want to be observed during the day. This means that all cameras can be switched on in the evening and off in the morning by a central control unit.

    Attack:

    An attacker manages to intercept the wireless signal and take control of the cameras. He can hide his burglary by deactivating all the cameras shortly beforehand.