CATSCAN PROJECT METHODOLOGY
Phase I - Information Gathering and Vulnerability Detection
The ProactiveRISK team collects information about infrastructure, facilities and employees. The team gathers as much relevant information as possible. Open Source Intelligence Gathering in particular can be quite telling about a target, its people and its facilities. Meanwhile, it reveals such technical elements as physical or logical security controls, foot traffic, terrain and infiltration or exfiltration points.
Phase II - Information Analysis, Planning and Weaponization
Informed by the intel gathered in Phase 1, weaponization involves preparing the operation unique to the target. This generally includes crafting custom file payloads, prepping RFID cloners, configuring hardware trojans, acquiring social engineering costumes and creating falsified personas or companies.
Phase III - Attack and Penetration
This delivery stage marks the active launch of the operation in totality. Here, consultants carry out actions against the targets intended to reach the CATSCAN operation’s goals. Physically cloning badges, social engineering face-to-face targets, analyzing cyber vulnerabilities and planting hardware trojans for remote network persistence are among the activities. It all leads to identifying the best opportunities for exploitation.
Phase IV - Privilege Escalation and Exploitation
Exploitation during a CATSCAN project is exactly what it sounds like. At this point, the goal is to break-in” – to compromise servers, apps and networks, bypassing gates, fences, locks, radar, motion detection, cameras and all other physical controls, then exploit target staff through social engineering by face-to-face, email, phone, fax or text. The exploitation stage enables the preparation for the escalation and installation phase.
Phase V - Installation
The installation stage’s primary goal is to prepare for persistence. This could amount to either cyber-persistence or physical persistence. During this stage, the team establishes a beachhead by taking advantage of the incursions undertaken in the exploitation step. Privilege escalation on compromised servers, shells, malicious file payload installation, usage of physical key impressions and lockpicked doors are revealed here.
Phase VI - Command & Control
Maintaining persistence is the goal for the Command & Control phase. ProactiveRISK takes cyber-focused steps to ensure remote access to exploited systems are stable and reliable, setting the stage for data exfiltration and other post-exploitation tasks and goals. On the physical and social side, manipulating people into enabling circumvention of physical barriers in order to create backdoors into facilities are key.
Phase VII - Actions on Objective
During this phase of a CATSCAN project, the team aims to complete the mission and realize the agreed-upon objectives set by the client and ProactiveRISK. Actions on objective happen via lateral movement throughout the cyber environment as well as the physical facilities. Pivoting from compromised systems and from breached physical security controls, all capturing video, audio and photographic evidence support each finding discovered. Ultimately, the team exfiltrates data, information or physical assets the target deems critically sensitive.
The ProactiveRISK team collects information about infrastructure, facilities and employees. The team gathers as much relevant information as possible. Open Source Intelligence Gathering in particular can be quite telling about a target, its people and its facilities. Meanwhile, it reveals such technical elements as physical or logical security controls, foot traffic, terrain and infiltration or exfiltration points.
Phase II - Information Analysis, Planning and Weaponization
Informed by the intel gathered in Phase 1, weaponization involves preparing the operation unique to the target. This generally includes crafting custom file payloads, prepping RFID cloners, configuring hardware trojans, acquiring social engineering costumes and creating falsified personas or companies.
Phase III - Attack and Penetration
This delivery stage marks the active launch of the operation in totality. Here, consultants carry out actions against the targets intended to reach the CATSCAN operation’s goals. Physically cloning badges, social engineering face-to-face targets, analyzing cyber vulnerabilities and planting hardware trojans for remote network persistence are among the activities. It all leads to identifying the best opportunities for exploitation.
Phase IV - Privilege Escalation and Exploitation
Exploitation during a CATSCAN project is exactly what it sounds like. At this point, the goal is to break-in” – to compromise servers, apps and networks, bypassing gates, fences, locks, radar, motion detection, cameras and all other physical controls, then exploit target staff through social engineering by face-to-face, email, phone, fax or text. The exploitation stage enables the preparation for the escalation and installation phase.
Phase V - Installation
The installation stage’s primary goal is to prepare for persistence. This could amount to either cyber-persistence or physical persistence. During this stage, the team establishes a beachhead by taking advantage of the incursions undertaken in the exploitation step. Privilege escalation on compromised servers, shells, malicious file payload installation, usage of physical key impressions and lockpicked doors are revealed here.
Phase VI - Command & Control
Maintaining persistence is the goal for the Command & Control phase. ProactiveRISK takes cyber-focused steps to ensure remote access to exploited systems are stable and reliable, setting the stage for data exfiltration and other post-exploitation tasks and goals. On the physical and social side, manipulating people into enabling circumvention of physical barriers in order to create backdoors into facilities are key.
Phase VII - Actions on Objective
During this phase of a CATSCAN project, the team aims to complete the mission and realize the agreed-upon objectives set by the client and ProactiveRISK. Actions on objective happen via lateral movement throughout the cyber environment as well as the physical facilities. Pivoting from compromised systems and from breached physical security controls, all capturing video, audio and photographic evidence support each finding discovered. Ultimately, the team exfiltrates data, information or physical assets the target deems critically sensitive.
