During a Physical Security Assessment, our team at El Ganso Dorado works to circumvent physical security measures in an effort to gain unauthorized access to your networks and entry into your facilities, including offices, buildings, and data centers. This process allows us to assess the strength of your physical security controls and evaluate the vigilance of your staff.
The primary objective is to identify potential weaknesses within your physical security framework and provide actionable recommendations to address these gaps before they can be exploited by malicious actors.
Approach & Methodology
Our Physical Penetration Tests involve simulating an intrusion into your facilities through a systematic approach. Here’s how we proceed:
- Reconnaissance & Footprinting: We start by collecting information about your organization to identify all external and internal assets and physical controls using various methods.
- Scanning & Analysis: Next, we analyze security systems such as video surveillance and study employee behavior to pinpoint weaknesses and their associated vulnerabilities.
- Attack & Exploitation: In this phase, our team makes targeted attempts to breach security by penetrating specific areas. We also plant custom-built backdoors created by El Ganso Dorado to gain access to your IT environment.
- Access & Exfiltration: Finally, we retrieve confidential information such as personal data, source code, internal procedures, and credit card numbers to demonstrate the potential impact of a real attack.
Note: Please be aware that our physical intrusion penetration tests commence only after receiving explicit, signed authorization from your organization.
Deliverables
- El Ganso Dorado will provide you with a report which includes the following deliverables at the end of our testing:
- Executive Summary, highlighting critical physical vulnerabilities and business risks, and our recommendations
- Technical Report with our findings and suggested recommendations for remediation and mitigation of the identified vulnerabilities
Presentation of the critical vulnerabilities and business risks (optional)