We will draw information from a wide range of sources, including, but not limited to: corporate registries, local and international media archives, litigation and court databases, online discussion forums, social and professional networking websites, deep-web resources (such as closed discussion groups, activist data repositories and ‘big data’ information channels) and proprietary databases that contain information which is not available to the public.
This will enable us to identify and assess vulnerabilities which could be cultivated though the use of social engineering.
We will conduct both passive and active reconnaissance in order to fully assess the vulnerabilities of the site.
Passive reconnaissance will build on the findings of OSINT and look to understand what vulnerabilities can be identified prior to a site visit. It is always possible to glean a significant amount of information about a target’s vulnerability by studying its surrounding environment.
Active reconnaissance would constitute offline information gathering, with a focus on social engineering. This may include using telephone calls, or emails, and directly querying select staff or vendors in order to obtain information.
To complete the vulnerability analysis, we would conduct covert observation to build up a pattern of behaviour for individuals with access to the building; employees, contractors, couriers etc.
Based upon the findings of the vulnerability analysis, we will formulate a plan to gain access to the target building.
Exploiting various techniques and routes, we will task a team of operatives, over a two-day period, to attempt at least one entry each day. We will provide all of the equipment necessary for this phase and we will also conduct a full risk assessment in advance.
In order for this phase to accurately assess the buildings physical security measures under a normal posture, it is vital that staff are not warned of our activity in advance.
Post exploitation is clearly dependent upon our operatives having first gained access to the building.
During this phase, our operators will seek to identify physical security weaknesses within the building. They will identify opportunities for covert recording devices to be deployed within the building, assess whether access could be gained to computers, survey what information can be gathered from employee’s desks and more generally, assess the staff’s willingness to challenge unknown visitors to their building.
Of note, the individuals we will employ for this activity are all highly trained, former law enforcement personnel, with appropriate experience.
Upon completion of the activity above, we will provide a comprehensive written and verbal report of our activity, key findings and recommendations on how to improve your security posture.