Comprehensive Assessment Capabilities
Rigorous, offensive validation engineered to expose perimeter blindspots and deliver structured, framework-aligned remediation data.
Wireless Attack Surface Assessment (WASA)
Spectrum AuditingAn organization’s physical perimeter is often treated as a hard boundary, yet radio frequency (RF) signals disregard concrete walls and glass windows[cite: 3]. The WASA is an offensive security methodology designed to discover, audit, and analyze your organization’s physical RF footprint without causing service disruption[cite: 3].
Core Assessment Capabilities
- Corporate Network Auditing: Full capture and classification of authorized Access Points (APs), matching BSSIDs, signal strength (RSSI), and corporate endpoint hardware[cite: 3].
- RF Environment Density Mapping: Comprehensive indexing of surrounding neighbor APs, unmanaged nodes, and overlapping signals causing employee leakage[cite: 3].
- Bluetooth Low Energy (BLE) Enumeration: Persistent tracking and profiling of device classifications (smartphones, IoT tokens, corporate equipment)[cite: 3].
- Watchlist & Threat Detection: Cross-referencing parameters against an active threat dictionary to flag unauthorized proximity hardware (e.g., Flipper Zero units)[cite: 3].
Workbook Architecture & Artifact Deliverables
| Workbook Tab | Content & Strategic Use |
|---|---|
| Executive Dashboard | High-level summary showing Overall Risk Score, total findings counts, and environment status[cite: 3]. |
| Summary | Master metric tracking index holding session parameters, operational dates, and consolidated hardware tallies[cite: 3]. |
| Findings | Itemized ledger documenting observed wireless vulnerabilities mapped by severity with mitigation blueprints[cite: 3]. |
| Corporate WiFi | Verified inventory cataloging authorized internal access points, BSSIDs, RSSI, and encryption modes[cite: 3]. |
| Suspicious Devices | Anomaly triage list separating components exhibiting erratic behaviors or high-risk consumer IoT profiles[cite: 3]. |
| Watchlist Hits | High-urgency detection frame tracking radios or active offensive platforms that triggered signature alerts[cite: 3]. |
Public Attack Surface Assessment (PASA)
External FootprintAs new cloud environments are provisioned, marketing sites launched, and platforms tested, the perimeter expands[cite: 4]. The PASA is designed to discover, map, and analyze your entire Internet-facing footprint exactly how an adversary sees it using passive open-source intelligence (OSINT) gathering[cite: 4].
Core Assessment Capabilities
- Asset Discovery & Domain Inventory: Mapping of root domains, subdomains, and hosts to establish a single comprehensive "Source of Truth"[cite: 4].
- Shadow IT Identification: Automatic filtering of public infrastructure exhibiting unmanaged development, QA, staging, or testing configurations[cite: 4].
- Certificate Transparency Monitoring: Deep inspection of public certificate logs to detect hidden infrastructure or cryptographic exposure[cite: 4].
- Email Security & Posture Scans: Analysis of domain-level messaging configurations (SPF, DKIM, DMARC) to mitigate spoofing paths[cite: 4].
Workbook Architecture & Artifact Deliverables
| Workbook Tab | Content & Strategic Use |
|---|---|
| Executive Dashboard | Top-level summary translating technical asset counts and findings into an objective, weighted risk rating for leadership[cite: 4]. |
| Asset Risk Ranking | Weighted technical registry prioritizing hostnames based on calculated compound risk metrics[cite: 4]. |
| Critical Entry Points | Filtered matrix focusing on perimeter assets with extreme pivot potential like public auth gateways or VPN nodes[cite: 4]. |
| Attack Path Analysis | Structural blueprint tracing multi-stage exposure vectors, mapped natively to MITRE ATT&CK[cite: 4]. |
| Control Mapping | Strict technical matrix aligning findings back to framework controls including CIS v8, NIST CSF, and ISO 27001[cite: 4]. |