What Standards is our Methodology Based on?
- Technical Guide to Information Security Testing and Assessment (NIST 800-115)
- The Penetration Testing Execution Standard (PTES)
- Payment Card Industry (PCI) Penetration Testing Guidance
RFID Cloning
If RFID access cards are in use, an RFID Cloner can be used to read the contents of an employee badge and create a duplicate badge which can be used for entry.
Tailgating
Tailgating involves following an employee into the building or having an authorized user open the door for a member of the attack team, potentially utilizing social engineering.
Physical Control Bypass
Triaxiom will attempt to gain access through bypassing the physical security controls in place. This includes setting off motion activated doors from the outside, using an under-the-door tool to open the door from the inside, or other various methods to bypass security mechanisms.
Social Engineering
Triaxiom may employ the use of social engineering to try to gain access to the facility. This may include pretending to be facility maintenance or a delivery driver, for example.
Test Network Jacks
Another important step in the physical penetration testing methodology is to check your active network jacks in meeting rooms and your company lobby. Often overlooked, unused active network jacks can be exploited by plugging in a wireless access point.