War Room

Shells from above

Physical

TSA cybersecurity directives: What pipeline companies need to know

August 4, 2021 By Ken Smith

After the Colonial Pipeline ransomware attack shut down the entire pipeline system for over a week, the Department of Homeland Security’s (DHS) Transportation Security Administration (TSA) issued a directive requiring all pipeline companies to take immediate actions to mitigate cyber risks. The first cybersecurity directive was issued on May 27 and the follow-up directive was ... READ MORE

Physical Penetration Testing Basics – A Primer

October 9, 2017 By Mike

Physical Penetration Testing is an assessment that involves testing physical security controls to see where they might fail. While this can include a number of different activities, including social engineering, many doors and locks are designed to simply slow down an attacker, not completely protect against one. At RSM, we constructed a sample door for demonstration and ... READ MORE

Dirty Deeds…. On Video

May 26, 2017 By Thomas McBee

Recently the team and I were engaged in a physical penetration test where our goal was to gain access to multiple facilities and data deemed sensitive by the client. During our internal discussions for the engagement it was brought up that recording portions of the assessment could provide some additional benefit for the client. As they say, a picture is worth a thousand ... READ MORE

Do it Live! – Social Engineering Training

March 24, 2017 By Bryan

Social engineering is one of the most utilized attack vectors used in real world breaches. These come in the form of phishing, vishing, device drops, and even in person. A lot of research and prep-time comes into play with social engineering as we have to know the target, the objective, the environment, and most importantly ourselves. Prior to security, I performed in theatre for ... READ MORE

Gotta Vish ‘Em All: Managing a Large Vishing Engagement

October 3, 2016 By Jeremy

I was recently tasked with managing a rather large vishing campaign targeting a major financial institution. Normally when we get these kinds of campaigns, we're tasked with making ten to fifty phone calls (whether or not someone answers) and report the results. This campaign differed in that we had to talk to 100 individuals. Now it doesn't sound so bad, right? In reality, our ... READ MORE

Identity Legitimacy: Making Your Own ID Badge

June 30, 2016 By Jeremy

A big part of performing any sort of physical penetration assessment involves a little bit of social engineering. More often than not, we choose to spoof a legitimate employee or vendor to attempt to enter the facility. Now, simply saying that you are Joe Schmo from Corporate isn't likely to get you very far. A successful tester will have to look the part, dress the part, and, ... READ MORE

Personal Preparation for Active Shooter Events

April 18, 2016 By Ken Smith

It's an uncomfortable topic to address, and this is certainly a change in tone for the War Room. But unfortunately, it's 2016, and this is the world in which we live. Active Shooter events are now a significant factor in the consideration of organizational security policies and procedures and are steadily increasing in frequency year to year. According to a 2014 study by the ... READ MORE

Bypassing Common Physical Security Interior Controls

February 8, 2016 By Ken Smith

A few months ago, I wrote a post about some of the simple techniques we use to get around common perimeter security controls, and I realized today that I've gotten you onto the property and left you high and dry! So, I would like to remedy that today and discuss some of the more successful tactics we use in our day-to-day work to get around interior controls. As in the previous ... READ MORE

Beer:30 – Physical Security Assessment

January 4, 2016 By Jeremy

Our very own patchwork talks about conducting a Physical Security Assessment for RSM's Beer:30 web series. ... READ MORE

Bypassing Common Physical Security Perimeter Controls

November 18, 2015 By Ken Smith

On a recent physical penetration test, I encountered a curious, but not uncommon, scenario. The target organization sat spread across multiple, disconnected floors in a shared, third party-owned high rise.  The large first floor lobby was a public space and included a central guard desk (which really only functioned as an information kiosk). The target did include a reception ... READ MORE
