KeenSafe

Human risk management — measure and reduce identity-driven attack paths

Realistic, ethically-bounded phishing, vishing and identity-impersonation campaigns combined with just-in-time awareness — measuring and reducing human-driven attack-path risk.

Offensive Security · Continuous adversarial validation

[Illustration: "Human Attack Surface · Live" dashboard mock-up. A 5-day phishing campaign across six users, two marked COMPROMISED; lures include MFA fatigue and consent phishing. Summary figures shown: CLICK 38%, CRED HARVESTED 12, PATH VALIDATED 2 → DC; mapped to ATT&CK T1566.]
The problem

Where teams get stuck

Generic phishing tests train people to click "report" but do not measure whether human-driven access actually leads to a business-impact attack path. Awareness fatigue grows; risk does not move.

The KeenSafe approach

How we engage

KeenSafe ties human-targeted campaigns to validated downstream paths — credentials harvested are tested against MFA, lateral movement and privilege escalation. Awareness training is delivered just-in-time, in context, and measured by reduction in real path success rates.

Methodology

Four-step engagement model

Same rigour every engagement, calibrated to your environment, threat model and regulatory exposure.

STEP 01

Targeted campaign design

Realistic pretexting, sector-appropriate content, scope-bounded targets.

STEP 02

Multi-channel execution

Phishing, vishing, smishing, MFA fatigue and identity impersonation, with safe-by-default controls.

STEP 03

Path validation

Harvested access tested against business-impact paths — does this credential reach a crown jewel?

STEP 04

Just-in-time awareness

Contextual training served at the moment of risk, with measurable behavior change.

What you get

Deliverables

Every engagement ships these outputs — reproducible, evidence-backed and ready for executives, engineers and auditors.

Human risk score per group

Measured exposure by department, role and seniority — not vanity click rates.

Path-validated harvested credentials

Were the harvested creds usable to reach a real crown-jewel system?

Just-in-time awareness

Training served at the moment of failure, with re-test follow-up.

Executive risk narrative

Board-grade view of human-driven attack-path risk, not click-rate vanity metrics.

Scope of engagement

What this engagement covers

Concrete coverage. Clear boundaries. Optional add-on tracks where customers want to extend.

Included
  • Realistic phishing campaigns (sector-appropriate pretexting, ethical bounds)
  • Vishing campaigns (phone-based pretexting under signed scope)
  • Smishing + MFA-fatigue + push-bombing simulations
  • OAuth consent-phishing campaigns (M365 / Google Workspace)
  • Identity impersonation simulations (BEC scenarios under explicit scope)
  • Harvested-access validation: do captured creds chain into Tier-0?
  • Just-in-time awareness delivered at moment of failure
  • Per-group, per-role, per-seniority risk scoring
Optional add-ons
  • Executive-track (impersonation, BEC, board-targeted) under signed scope
  • In-person social engineering (tailgating, badge cloning) under physical-engagement scope
  • Continuous quarterly retainer with evolving pretext library
  • Custom training content tailored to your sector
Out of scope
  • Industrial espionage scenarios (out of ethical scope)
  • Personal-life targeting of individuals (strict prohibition)
  • Executive impersonation without explicit HR and legal sign-off
Engagement model

How we deliver

Duration
4–8 weeks per campaign · or continuous quarterly cadence
Team
Social-engineering specialist + identity-attack operator + behavioural-design lead
Format
Remote-first · onsite for executive-track scope
Who it is for
  • CISO + IT leadership
  • HR + people-leadership partnership
  • Executive impersonation track requires explicit board sign-off
Sample report

What lands on your desk

Sections customers actually see in the engagement deliverable.

  1. Per-group risk score

     Department / role / seniority resolution; tracked longitudinally across campaigns.

  2. Path-validated harvested credentials

     For each captured credential set: would it chain into a real Tier-0 / crown-jewel reach?

  3. Just-in-time awareness outcome

     Which trainees received contextual training at the moment of failure; behaviour change measured in the next cycle.

  4. Executive risk narrative

     Board-grade view of human-driven attack-path risk — replaces click-rate vanity reporting.

MITRE ATT&CK

Techniques covered

  • T1566 · Phishing
  • T1598 · Phishing for Information
  • T1556 · Modify Authentication Process
Compliance mapping

Frameworks & regulations

ISO 27001 A.6 · NIS2 Article 21 · PCI DSS 12.6 · GDPR Art. 32
Common questions

Frequently asked

How is this different from KnowBe4 / Hoxhunt?
Those measure click rates. KeenSafe measures whether the human-driven access actually chains into an exploitable business-impact attack path — and whether retraining moves that risk down.
Can you target executives?
Yes — under explicit, signed engagement scope. We frequently run dedicated executive impersonation and BEC simulations as their own track.
What about MFA fatigue?
Push-bombing, SIM-swap-style and consent-phishing simulations are part of the standard playbook, with safe-by-default controls.
Get Started

Work with the team behind KeenSafe

Continuous adversarial validation, managed security operations and executive-grade risk visibility — delivered by senior offensive security engineers.