Testing Goals, Objectives and Rules of Engagement Are Agreed
Your dedicated Physical Penetration Testing Team Leader will begin by meeting with your business stakeholders and agreeing on the specific goals, objectives and estimated timelines for the test. A typical test usually takes place over 2-3 weeks.
Agreed Rules of Engagement are documented, stating any prohibited attacks or tools to be used in the test and any specific location(s), personnel, business processes or access controls which should be considered out of scope. Additionally, security key performance indicators or metrics required are defined.
Open-Source Intelligence is Collected & Assessed
All available open-source intelligence (OSINT) information associated with the business operating locations in the scope of testing is collected.
Publicly available information from aerial photography, land and building surveys to building floor plans and heating, ventilation & air conditioning system schematics shall be obtained and analysed for potential points of entry.
The Testing Team may travel to locations in scope to observe and record perimeter barriers, parking conditions and points of building entry and exits. OSINT is also gathered on key stakeholders and staff to be assessed for use in conducting social engineering attacks.
Customised Attack Scenarios Are Created
Testers design customised attack scenarios simulating real-world threat actor techniques, tactics, and procedures (TTPs) to exploit potential weaknesses and attack vectors identified by the OSINT collected.
Attack scenarios shall be designed to bypass existing physical security access controls in place and gain unauthorised and undetected access to the locations and systems in scope. Attacks shall target people, processes, and technology in scope and include social engineering techniques.
Attacks Are Conducted and Evidence Documented
Testers execute the TTPs chosen to penetrate the facility, connect to systems, remove targeted information assets and exit undetected. Testing is conducted during both working and after-work hours. Typical attack scenarios include:
- Bypassing Perimeter Physical Barriers
- Bypassing Guards & Surveillance Systems
- Bypassing Physical Access Controls
- Bypassing Reception Access & Visitor Controls
- Bypassing & Social Engineering Staff
Audio and video evidence of attacks is collected by testers to provide evidence of penetrations.
Findings Are Presented to Key Stakeholders
We believe knowledge transfer is essential. The testing report is presented in a workshop to ensure the understanding of the findings and the risks associated with hosting the business information assets on the platform.