RED TEAM EXERCISE
Service Description
CAG conducts Red Team Exercises and Testing to gain physical access to targeted network resources within an organization’s physical location. Physical access controls are often overlooked by organizations as they consider external network threats only from a digital point of view.
Our Methodology
Passive Reconnaissance: We begin by conducting open source intelligence research on the target organization to determine potential avenues of attack and associated vulnerabilities.
On-site Reconnaissance: Next, we observe your physical location in order to identify weak points in your on-site physical security. Items that we’ll observe include physical entry and exit points, video surveillance systems, physical access control systems, badge usage and security guard behavior.
Exploitation: Once we have identified weak points, we will utilize non–destructive methods of physical entry into buildings or bypassing electronic security systems. These activities will include tailgating, impersonation, social engineering, and utilizing counterfeit badges to gain entrance to facilities.
Where possible, we will attempt to photograph, record or document sensitive material within your environment.
Lastly, we will locate a networked computer and attempt to access your corporate network.
Our Deliverables
In addition to the usual status updates and meetings, CAG will deliver written drafts of the following material:
- Summary of the attack and results of that activity
- Summary of your identification and response to attack, if any
- List of recommendations for improving your physical security
