Our methodology for physical penetration testing
Goals
- Control the peripheral security of buildings
- Test the ability of an attacker to break into it
- Attempt to connect attack devices
- Check the reaction of employees and security guards
Steps
- Daytime recognition
- Night recognition
- Day and / or night intrusion attempts
- Network socket protection tests
- Connecting attack devices
Main checks
- Main doors
- Secondary doors
- Basement
- Car park
- Rooftops
- Windows
- Terraces
- Unloading docks
- Freight elevators
- Main elevators
- Service elevators
- Firefighters access
- Service hatches
- Emergency doors
Intrusion scenario
- Camera bypass via blind spot
- Access by secondary door used for employee breaks
- Service Provider Identity Theft
- Access through a window that remains open
- Entering the premises via underground car park
- Security officers bypassed during their rounds
- Picking weak locks
- The pretext of forgetting a badge at his work station
- Introduction of a malware on a workstation
- Connecting hacking equipment to a network outlet