Physical Penetration Tests find and exploit the vulnerabilities within a company’s physical controls and barriers. A Physical Security Test is a non-invasive¹, comprehensive assessment of all the Physical Security controls in place at a facility or location. Depending on client objectives and requests for verification, Elevate may employ various Physical Penetration Testing techniques aligned with the desired objectives.
Some of the tasks we might conduct for Physical Penetration Testing are:
- Reconnaissance, including observing foot traffic, tagging high-value employees, logging times of entry and exit, surveilling external perimeter security measures, and monitoring security staff and the timing of their rounds
- Performing OSINT – attempting to gather facility information, building and office information, fire exits, garages, rooftop access, etc.
- Attempting to gain access to secured offices by lock picking doors, bypassing locks with known weaknesses, bypassing improperly installed doors, locks and gates, etc.
- Testing if RFID badges and readers are susceptible to tampering or hacking
- Social engineering by use of piggybacking and/or pretexts to attempt to gain entry, trying to impersonate fellow employees, trying to impersonate 3rd party vendors, etc.
- Detecting and assessing the Access Controls, including biometric and other electronic security measures, and attempting to hack and bypass them
- Attempting to hack and bypass Monitoring and Surveillance systems – targeting WiFi, checking if it’s on the same network, and possibly jamming the surveillance
- Determining whether there are blind spots or weaknesses in the Monitoring and Surveillance systems
Once a foothold is gained into the premises, our team will attempt to:
- Access computers and/or information assets. Elevate will provide evidence that access was obtained and data infiltration took place
- Gain access to workstations and servers, connecting implants, keyloggers, rogue USB devices, or even rogue Wi-Fi access points
- Drop implants and rogue devices to simulate an exfiltration of information and determine the efficiency of IT in detecting and discovering the devices
- Dumpster dive, hop fences, access “private areas”, locked closets, etc.
Elevate’s team will conduct a thorough assessment of your firm’s physical security measures and determine areas of weakness that need improvement.
¹ Onsite Walkthrough Assessments (only true “non-invasive” effort similar to a “field day”)