Four-pane operator workstation
A live ops console with a tmux-style 2x2 of operator terminals: recon, identity, web plus cloud, and validator with planner, each showing real tool calls (nmap, BloodHound, impacket, ffuf, aws, kubectl) with a blinking caret on the active pane.
Guardian 03
Orchestrated Omnichannel Social Engineering
A real social engineering attack is not one email. It is a calendar invite, then a WhatsApp message that sounds like your CFO, then a Teams call where the face on screen is convincing enough to move money. Cherubim runs that full chain, safely, with consent, and with a central intelligence layer that adapts each stage to how the target responded to the last one.
Phishing email
Context-aware lures generated from open-source signals about your organisation, graded by who clicked, who reported, and who escalated.
Smishing and WhatsApp
SMS and WhatsApp pretexting that mirrors how modern attackers move a target off corporate channels and onto a personal device.
Voice and vishing
Consented voice cloning of an authorised internal persona to test whether a phone call alone can unlock a process it should not.
Live deepfake video
Real-time face and voice synthesis that can join a scheduled Zoom, Microsoft Teams, or Google Meet call to test executive impersonation under live conditions.
Slack and Teams
Internal messaging follow-up that exploits the trust people place in tools inside the perimeter, the channel attackers love most.
Helpdesk and process
Targeted engagements against password reset, MFA recovery, and vendor onboarding, the human processes that bypass every control you bought.
Why orchestration is the product
Each channel on its own is a commodity. The value is the narrative engine that keeps one story consistent across all of them, escalating only when the target leans in and standing down when they resist or report. That is exactly how a serious adversary operates, and it is the only honest way to measure whether your people would actually catch them.