Demonstrated Physical Security Vulnerabilities for Large Non-Profit
- 501(c)(3) organization
- $189 million revenue
- 400+ employees
- A U.S. nonprofit agency needed to understand the risk surface of their headquarters office to both social engineering and physical access attacks.
- Leveraged Open-Source Intelligence Gathering (OSINT) techniques to survey the building and surrounding areas, as well as to locate information that may assist in gaining physical access.
- Executed a multi-day physical penetration test and social engineering campaign both during and after core business hours.
- Documented gaps in employee training and access management that allowed for unauthorized building access during business hours, and provided recommendations for strengthening programs to address uncovered issues.
- Exploited insecure physical access controls to clone building badges, obtain building access from the outside after hours, and shim doors to allow entry.
- Agency began implementing new, secure controls to address observations even before we had issued the final report.