Physical Red Team
Assessing Physical & Technical Controls
Often referred to as red-teaming or war-gaming, these realistic enterprise simulations cover broad areas of the organisation. They are designed to discover entry points and security weaknesses that can be compounded to gain control.
A leading global corporate approached Modux to perform a full scope attack scenario against their organisational infrastructure, including their head office and customer branches.
Modux worked with heads of the internal audit team to structure multiple offensive security scenarios against their physical, data network and online security systems. All security controls were included in the scope of testing, including RFID barriers, works entrances and IT security controls.
Social engineering and impersonation are also used throughout the engagement, in person and over the phone, to help the red team secure access to restricted areas. These techniques are employed to understand the level of security awareness training within the organisation rather than to highlight the failings of individual employees.
Including physical security and social engineering techniques in the engagement scope helps ensure that security controls are tested in the most realistic fashion possible. The end goal throughout the scenarios is always to obtain sensitive company information.
Once access has been gained to the offices, access to the company networks becomes the focus. A number of offices employ Network Access Control (802.1Q) or a "wireless only" network infrastructure for employees, and this organisation is no different. The red team has to use multiple techniques, including NAC bypass, MAC spoofing and attacks against the enterprise WPA wireless security, to gain persistent access to the network.
With access to the internal office and branch networks secured, a great deal of work still remains to locate the company's internal applications and data stores and to compromise the Active Directory. This can be time-consuming work, so as well as working in the offices, the red team hides a 4G implant in the office to guarantee network access once they leave.
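The techniques named above (MAC spoofing to get past port-based NAC, and a hidden implant plugged into a spare port) leave traces on the switches. The following is an added defender-side illustration, not code from the original case study or from Modux: it takes a constructed baseline of which MAC address belongs on which switch port, parses constructed syslog-style "MAC learned on port" lines (the message format, switch names, ports and MAC addresses are all assumed), and flags the three anomalies a SOC would want to review: a known MAC appearing on a port other than its expected one, the same MAC active on two ports at once, and a device from a vendor OUI that is not in the managed-hardware inventory.

```python
"""Flag likely MAC spoofing and rogue devices from switch port learning events.

Added example for this case study, not the client's or Modux's own tooling.
All data below is constructed: the baseline, the OUI allow-list and the log lines.
"""
import re
from collections import defaultdict

# Constructed baseline inventory: (switch, port) -> MAC address expected there.
BASELINE = {
    ("sw-floor2", "Gi1/0/7"): "00:1b:21:aa:bb:01",   # printer
    ("sw-floor2", "Gi1/0/8"): "00:1b:21:aa:bb:02",   # VoIP phone
    ("sw-floor2", "Gi1/0/9"): "3c:52:82:11:22:33",   # workstation
}

# Constructed allow-list of vendor OUIs (first three octets) for managed hardware.
KNOWN_OUIS = {"00:1b:21", "3c:52:82"}

# Constructed log lines in an assumed "MAC learned on port" syslog style.
SAMPLE_LOGS = [
    "sw-floor2 Jan 12 09:01:03 %MAC-5-LEARN: MAC 00:1b:21:aa:bb:01 learned on port Gi1/0/7",
    "sw-floor2 Jan 12 09:02:10 %MAC-5-LEARN: MAC 3c:52:82:11:22:33 learned on port Gi1/0/9",
    # Printer's MAC turning up on a different port: classic spoof-to-bypass-NAC signature.
    "sw-floor2 Jan 12 11:47:55 %MAC-5-LEARN: MAC 00:1b:21:aa:bb:01 learned on port Gi1/0/12",
    # Unknown vendor on a spare port: candidate for a hidden implant.
    "sw-floor2 Jan 12 11:49:02 %MAC-5-LEARN: MAC d8:3a:dd:01:02:03 learned on port Gi1/0/15",
    "sw-floor2 Jan 12 11:49:40 %SYS-5-CONFIG: unrelated line that must be ignored",
]

LOG_RE = re.compile(
    r"^(?P<switch>\S+)\s+.*?MAC\s+(?P<mac>(?:[0-9a-f]{2}:){5}[0-9a-f]{2})"
    r"\s+learned on port\s+(?P<port>\S+)",
    re.IGNORECASE,
)


def parse_events(lines):
    """Return (switch, port, mac) tuples for every line that is a learning event."""
    events = []
    for line in lines:
        m = LOG_RE.search(line)
        if m:
            events.append((m["switch"], m["port"], m["mac"].lower()))
    return events


def analyse(events, baseline=BASELINE, known_ouis=KNOWN_OUIS):
    """Return a list of (kind, mac, where_seen, expected) findings.

    kind is one of:
      mac_moved      - a baselined MAC learned on a port other than its expected one
      duplicate_mac  - the same MAC active on more than one port in the window
      unknown_oui    - a MAC whose vendor prefix is not in the managed-hardware list
    """
    findings = []
    expected_port = {mac: location for location, mac in baseline.items()}
    ports_by_mac = defaultdict(set)

    for switch, port, mac in events:
        location = (switch, port)
        ports_by_mac[mac].add(location)
        if mac in expected_port and expected_port[mac] != location:
            findings.append(("mac_moved", mac, location, expected_port[mac]))
        if mac[:8] not in known_ouis:
            findings.append(("unknown_oui", mac, location, None))

    for mac, locations in ports_by_mac.items():
        if len(locations) > 1:
            findings.append(("duplicate_mac", mac, tuple(sorted(locations)), None))
    return findings


if __name__ == "__main__":
    for kind, mac, seen, expected in analyse(parse_events(SAMPLE_LOGS)):
        print(f"{kind:14} {mac}  seen={seen}  expected={expected}")
```

A real deployment would feed this from the switches' syslog or SNMP MAC tables rather than a static list, and would pair the port-level alert with 802.1X accounting so that a "printer" that suddenly speaks RDP and SMB stands out; the point here is that the spoof and the implant are visible at the access layer if someone is looking.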
The red team now has persistent remote access to all of the corporation's networks and has remained undetected throughout. The hard task of getting back out of the building now awaits.