Social Penetration Testing uses logical and physical penetaration testing techniques to try to gain access to sensitive data. The main avenue of attack is social engineering but other techniques can also be used to gain access to sensitive information.
SecureState will begin by identifying the site, working with the client to choose specific targets and any limitations on the assessment. Depending on the scope, SecureState will also gather any open source intelligence available on the Internet about the site and your company, which may be used as part of the test. Our consultants will also craft a special kit to use during the assessment, including fake badges, monitoring equipment, keystroke loggers, and a variety of other tools.
Once we begin the assessment, SecureState will at first take a passive stance, observing the site and gathering any information that might help with the actual penetration effort. We will note the common entrance points, observing common times of entrance and exit, and observing the security in place on each door. SecureState will then attempt to gain access to the facility and gain access to any of the targets identified before the assessment.
As a key part of this assessment, SecureState will attempt to use social engineering techniques to gain access to the facility using social engineering techniques to convince the various people at the site to give us access to the facility, provide us with further information, or allow us to remain on the premises.
After the incursion, SecureState will document our results, providing a detailed description of both the techniques used, and suggestions for the best methods for addressing these.