Each and every physical penetration test is conducted consistently using globally accepted and industry-standard frameworks which help make up our physical pentesting methodology. In order to ensure a sound and comprehensive physical security test, RedTeam leverages industry-standard frameworks as a foundation for carrying out penetration tests. At a minimum, the underlying framework is based on the NIST Special Publication 800 Series guidance and OSSTMM but goes beyond the initial framework itself.
Physical Penetration Testing Steps
The first phase in a physical penetration test is focused on collecting as much information as possible about the target. Passive Reconnaissance, aka Information Gathering, is one of the most critical steps of a physical pen test. This is done through the use of public tools, such as Google Earth. As a result, it is usually possible to learn a great deal about the target’s surroundings and environment.
Open Source Intelligence
An important step in a physical penetration test focuses on collecting information that is freely available. Open Source Intelligence Gathering can be quite telling about a target, its people and specifics about the environment. This is done through the use of a different set of public tools, such as social networks, job boards, etc. Through thorough analysis, it begins to paint a picture of the target and its primary operations.
Active Reconnaissance in a physical penetration test generally involves gathering information offline. This often includes telephoning, emailing or otherwise directly querying target staff or vendors of the target for material not available or impossible to obtain through online means. The information obtained will be used to build a better plan as the process progresses.
Covert Observation is exactly what it sounds like. This often includes covert photography of the target up close in an effort to identify physical security controls and monitoring staff as they are coming and going.
By this time, the information collected in the previous phases is beginning to coalesce. Vulnerabilities, exit points, entrance points, cameras, guards, fences, company technology, staff members and other relevant information are used to begin planning an attack.
Planning and intelligence gathered by various means by now have morphed into a plan of attack including. Pretexting involves setting the plan into action and ensuring the team’s equipment, transportation and personnel are synchronized and ready to execute.
Infiltration, Exploitation & Post-Exploitation
During these phases, the team carries out the plan by exploiting vulnerabilities discovered using information and intelligence captured during the earlier phases of the assessment. Post-exploitation involves penetrating further into the environment and setting up to maintain a persistent backdoor.
Learn more about RedTeam Security's advanced Application, Network and Physical Penetration Testing, Social Engineering and Red Teaming services.