OSINT & SOCIAL ENGINEERING THREAT ASSESSMENT
HARD ⭐⭐⭐⭐ — COMPTIA PENTEST+ DOMAIN 2 & 3
ENUMERATE · ANALYSE · ASSESS · DOCUMENT · RECOMMEND
Loading target profile: Vantara Solutions...

OBJECTIVES

Enumerate company website
Identify key personnel & roles
Extract intelligence from job postings
Enumerate DNS & certificate data
Build 3 viable pretext scenarios
Complete the threat matrix
Identify effective mitigating controls
Submit the threat assessment
🌐
OSINT Browser
📌
Findings Board
📊
Threat Assessment
OSINT SE LAB
OSINT
Findings
Assessment
--:--:--
PHASE 1 — OSINT ENUMERATION
MISSION BRIEF
HARD ⭐⭐⭐⭐ — PENTEST+ DOMAIN 2 & 3

OSINT & SE THREAT ASSESSMENT

TARGET: Vantara Solutions (vantara-solutions.com)

SCENARIO

You have been engaged to conduct an OSINT-driven social engineering threat assessment against Vantara Solutions. The client wants to understand what information is publicly available about their organisation and how a real attacker could weaponise it. You will enumerate public sources, identify intelligence value, and produce a professional threat assessment documenting viable social engineering scenarios.

PHASE 1 — OSINT ENUMERATION

Browse the simulated public sources. Every page you visit may contain intelligence. Add findings to the Findings Board as you go — findings are added automatically as you explore.

PHASE 2 — THREAT ASSESSMENT

Open the Threat Assessment tool. It has four tabs — all must be completed before submitting:

  • Tab 1 — Pretext Scenarios: for each of the three SE scenarios, select the correct target, grounding OSINT finding, attack vector, and credibility detail
  • Tab 2 — Threat Matrix: rate each scenario by likelihood and identify the primary OSINT driver
  • Tab 3 — Mitigating Controls: select all controls that would meaningfully reduce the SE risk
  • Tab 4 — Score & Submit: review your work and click Submit Threat Assessment — your score and feedback are only revealed here

No feedback or scoring is shown until you submit on Tab 4.

WHAT YOU ARE PRODUCING

A Social Engineering Threat Assessment — the professional deliverable red teamers provide to clients. It documents capability, not an attack. It answers: "Given what is publicly known, what could an attacker plausibly do, and what would stop them?"

SOURCES TO ENUMERATE

SourceURL
Company websitevantara-solutions.com
About / Teamvantara-solutions.com/about
Careersvantara-solutions.com/careers
LinkedIn profileslinkedin.com/company/vantara
DNS recordsdns.vantara-solutions.com
Cert transparencycrt.sh/vantara-solutions.com
Display Mode
OSINT BROWSER — Vantara Solutions
🔒 Go
Home
About / Team
Careers
LinkedIn
DNS
Cert Transparency
FINDINGS BOARD
OSINT FINDINGS — Vantara Solutions
0 / 16 discovered
SE THREAT ASSESSMENT — Vantara Solutions
Pretext Scenarios
Threat Matrix
Mitigating Controls
Score & Submit
PRETEXT SCENARIO BUILDER

For each scenario, select the OSINT findings that make it credible, the attack vector, and the specific intelligence used. A pretext is only viable if it is grounded in real findings.

THREAT MATRIX

Rate each threat scenario by likelihood and impact given the OSINT gathered. Justify your ratings by selecting the most relevant OSINT finding that drives each assessment.

MITIGATING CONTROLS

Select all controls that would meaningfully reduce the risk of the identified social engineering scenarios. For each, rate its effectiveness against the specific threats identified.

Scoring is based on: accuracy of pretext scenarios (are the selected OSINT findings actually relevant?), threat matrix ratings (do they reflect the real risk?), and identification of effective mitigating controls.

A score of 70+ passes. 85+ is client-ready. This assessment would be delivered as a report section explaining to the client exactly what an attacker could do with their public footprint.