Our Approach and Methodology
The SecureState Profiling Team is well known and highly regarded for its expertise in Penetration Testing. Our approach follows industry-accepted testing methodologies such as PTES, NIST 800-115, and OSSTMM. Because we follow these methodologies, our clients can replicate the testing SecureState has performed in their own environment and accurately mitigate identified vulnerabilities. The SecureState Profiling Team also helps identify strategic “root cause” issues through our Penetration Tests. Our Risk Management Team is uniquely positioned to work closely with the Profiling Team in order to assist clients with mitigating these strategic “root cause” issues.
Phase I – Pre-engagement Interactions:
In this phase, SecureState works with the client to establish the rules of engagement and the scope, and to exchange contact information for both parties. SecureState provides a detailed Project Charter which contains information on scope and everything that will be required to conduct the testing. The Project Charter is discussed during the kickoff call prior to the beginning of the engagement. Additionally, an “Authorization to Test” letter is signed by authorized client personnel. This letter is kept by all SecureState Profiling Team members conducting the on-site assessment work.
Phase II – Remote Intelligence Gathering:
SecureState begins any Physical Attack & Penetration Test remotely by conducting an extensive search of open source intelligence on the target company. This research finds information about the target company from public databases, tax records, job openings, social networks, Internet search engines and much more. In addition, our staff members review extensive information regarding the target locations themselves through the use of online mapping tools, which include satellite imagery and street-level views.
Information gathered from this phase is used to determine potential threats to the company and the different locations in scope. In addition, this data is used to craft social engineering and other attack scenarios to be potentially used during the on-site testing.
Phase III – On-site Intelligence Gathering:
Once on-site in the vicinity of the target locations, SecureState conducts an extensive intelligence gathering phase. This includes covertly observing the target location for such things as security guard rotation, badge usage, entrances and exits, locks, surveillance and CCTV systems, security lighting, employee behavior and much more. Additionally, SecureState utilizes our specialized skills in RF/Wireless frequency scanning to determine whether security guards or other company personnel may be using radio communications. These communications can be intercepted to provide intelligence to the Profiling Team members prior to the attack.
Finally, SecureState re-evaluates any social engineering or other attack scenarios developed during Phase I. This step determines whether previous attack scenarios are still valid, since the on-site intelligence gathering may yield new results.
Phase IV – Vulnerability Analysis:
During the vulnerability analysis phase, SecureState attempts to determine the location of the physical vulnerabilities in scope. SecureState also determines if any scenarios developed in previous phases can be used to exploit found vulnerabilities. For example, a side entrance at a facility may be found to be unlocked with no camera apparently present. This may be a vulnerability that can be exploited to gain unauthorized access to the facility.
In addition, SecureState creates items and prepares specialized equipment prior to the exploitation phase. For example, if a piggybacking scenario is identified as an attack vector, SecureState may create fake employee badges to assist in bypassing the watchful eye of a security guard at the main entrance.
Phase V – Exploitation:
In the exploitation phase, SecureState exploits vulnerabilities found during the vulnerability analysis phase. Scenarios are executed and the attack commences. Depending on the scenario being executed, this phase may take place during the day or night. During this phase, SecureState conducts mostly covert non-destructive entry to gain access to facilities, for example by piggybacking through open entrances, social engineering employees or security guards, and using other techniques. Destructive entry techniques such as lockpicking are only used if previously authorized by the client.
Phase VI – Post Exploitation:
The Post Exploitation Phase includes pillaging, penetrating further into the facility, documentation, and cleaning up any remains from SecureState’s testing.
Phase VII – Reporting:
As part of the deliverable, SecureState provides a report which contains a short graphical summary aimed at senior management, a narrative body which details major findings, and a detailed findings section aimed at technical staff. Additionally, SecureState will provide a closing call and high-level executive presentation to summarize the penetration test, as well as provide an opportunity to ask questions about the engagement.