Social engineering and impersonation is also used throughout the engagement, in person and over the phone to facilitate the red team in securing access to restricted areas. These techniques are employed to understand the level of security awareness training within the organisation rather than to highlight the failings of individual employees.

Including physical security and social engineering techniques into engagement scope helps ensure that security controls can be tested in the most realistic fashion possible. The end goal throughout the scenarios is always to obtain sensitive company information.

​

Once access has been gained into offices, access to the company networks becomes the focus. A number of offices employ Network Access Control (802.1Q), or a "wireless only" network infrastructure for employees and this organisation is no different. The red team have to use multiple techniques including NAC bypass, MAC spoofing and attacks against the enterprise WPA wireless security to gain access persistent access to the network. 

​

With access to the internal offices and branch networks secured, there still remains a great deal of work to locate the company's internal applications, data stores and to compromise the active directory. This can be time consuming work, so aswell as working in the offices, the red team hide a 4G implant in the office, to garauntee network access once they leave the offices. 

​

The red team now has persistent remote access to all of the corporations networks, remaining undetected throughout, the hard task of getting back out of the building now awaits.