The three phases of a Mimic Corps Simulative Dynamic Heist Evaluational Pen-test Operation; 
Phase one
Pre-attack phase / Planning

• Define the Simulative Dynamic Heist Evaluational Model (internal or external, physical penetration targets, enabled rights and privileges, etc).

• Define goals, establish and review deescalation policy, scope of work and testing targets.

• Determine the scope of a target(s) environment and or target asset(s).

• Develop the cyber testing & Covert methods of entry methodology.

• Define all interaction and communication procedures. Communicating this Information across all parties involved.
Phase two
Attack phase / Testing

Field vulnerabilities identification.

• Custom Covert method of entry tools are kitted and/or developed accordingly.

• Vulnerability detection, scanning, elimination and copying.

• Vulnerabilities exploited & gaining an unauthorized access accomplished.

• Covert utilization of compromised systems as a springboard for further/ future intrusion and exploitation.
Phase three
Post-attack phase / Reporting 

Video-graphic & written Evaluational analysis and reporting with recommendations for reducing risks and a stepped method to mitigation.

• Visual demonstration presentation of the potential damage that can be inflicted to and on an organization and its individuals.

**Additionally, Mimic Corps can provide services to eliminate the detected vulnerabilities on your behalf.

Client Received Deliverables

 

   At the end of the Simulative Dynamic Heist Evaluational Pen-Test Operation. Mimic Corps provides our customers with an extensive library of video-graphic operational review evidence and accompanying reports and recommendations to effectively eliminate the detected security breaches:

* In depth thorough description based on the achieved results and operational findings.

 
* A List of detected system vulnerabilities, in order of their severity classification. Referencing

 ease of exploit and how harmful to the system, organization and personnel they may be.

 

*List of changes in the system that were implemented during testing.


*Full Test protocol (including instruments and tools used, parts and equipment that were exploitation checked and issues found).


* Immediate actionable recommendations to eliminate the Identified security Flaws.

What are the "Penetration Testing" Benefits of a "Simulative Dynamic Heist Evaluational Pen-Test Operation"..?


*A complete view of an organizations physical security system, S.O.P.Protocols and cybersecurity open source vulnerabilities and how to fix it! 

*Mimic Corps provides In depth detailed information on real security threats in dynamic and static high-security environments.


*Mimic Corps Identifies Surreptitious security vulnerabilities allowing the

Client to prioritize remediation(s) accordingly, apply needed security patches and allocate security resources etc.

Helps IN Maintaining Regulatory compliance. (GLBA, HIPAA, PCI DSS, FISMA/NIST ETC.)


*The detailed video-graphic & written reports generated after the simulative dynamic heist evaluation pen-Test operation. Help to avoid fines for non-compliance and help illustrate due diligence to auditors by maintaining required security controls at all times. Avoiding the cost of system/network/physical business downtime!

*Mimic corps Provides in depth specialized guidance and recommendations to avoid feared financial pitfalls, by identifying and addressing risks before attacks or security breaches EVER occur!

Below we describe typical steps taken during the social engineering stress testing phase of a Simulative Dynamic Heist Evaluation Pen-Test Operation;

Phase One
Planning
 • Ultimately Dependent on the customer’s desired evaluation Requirements that Mimic Corps helps define.
• The type(s) of social engineering stress testing attack(s).
• Selection of targeted employee(s) to test.
• Specific organized timing of the attack(s).
Phase Two
Reconnaissance

Examples; 

Black Vault Method Option
Mimic Corp harvests information about the company, its employees, business partners customer’s etc. The same way criminalized and non criminalized intruders would do: from open sources ; listings, business registers ,social media accounts, press releases, Television, newsletters, etc.

White Vault Method Option
Mimic Corp and the client agree on the requested necessary information from the company’s representative(s). That information is then co communicated to the Operations team at Mimic Corps
Phase Three
Attack Preparation

•Mimic Corps Ops Team creates an In depth Elaborate rehearsed story-line & plan of execution behind each attack(s). Then prepares the attack(s) for use as malicious emails, manipulative SMS / text / phone call & "click" links, security bypass methods of entry attack(s) etc.
Phase Four
The Operational Attack

•The Mimic Corps Ops team runs one or several social engineering attacks on the target personnel.
Phase Five
Evaluational  Reporting & Analysis

•We analyze the test outcomes and provide a detailed video-graphic/ written final report & Post operation debrief containing
• A scored overview of each tested employee(s); security knowledge adherence & Inefficiencies, Standard operating procedure knowledge adherence, Inefficiencies & Emotional sociological risky behavior analysis .
• All Information disclosed or retrieved by/ from the employee(s).
• A list of all Identified Vulnerabilities & Equipment/ Infrastructure suggested adaptive remediation actions & methods of procurement.
• All potential cyber threats of exploitation, the Mimic Corps Ops team has found.
• All Physical & Cyber security remediation recommendations.
** Additionally, Mimic Corp Ops Team can assist in performing the remediation activities to help reduce the risk in the event of a real world social engineering attack.
• Preparing and/or conduction of cybersecurity training for personal with a focus on vulnerabilities revealed specifically during the testing Operation(s).
• Installing, testing and configuring security components.


Share by: