Experienced and Highly Technical Leaders in the Security Industry

Deep security research, world class advisory services, and innovative security solutions.

Looking for our latest Worldwide Enumeration document?

Our Smart Building Security Offerings


Exploring a new technology? Need to understand the security exposures of particular system or device? Whether you are considering investing in new smart infrastructure or upgrading an existing facility, we can help!


WhiteScope has developed a number of useful BAS focused tools that can help extend your security capabilities. Our automated configuration analysis, automated password analysis, and world wide enumeration tools can help you better manage your BAS security exposures!

Managed Security Services

Need help implementing security within your BAS deployment and operations? Our BAS focused managed security service can help! Our managed services include: BAS security log monitoring, BAS password/account auditing, and BAS compromise detection.

Our Story

WhiteScope is a leading, independent provider of expert training and professional security services. We bring extensive, internationally recognized expertise and experience to every client engagement. WhiteScope has hands-on experience with assessments of the most critical high integrity systems, some of which involved the security of nations. WhiteScope is proud to have security consultants with the highest credentials including industry award winners, published authors, and speakers at the most prestigious security conferences including: Black Hat Briefings, RSA, DEFCON, Blue Hat, NATO CCDCOE, and many others. WhiteScope is also proud to offer security consultants with active Department of Defense security clearances for those highly sensitive systems that should only be evaluated by those who have been deemed especially trustworthy.

Our Professional Services

IoT and BAS Device Assessment

Our consultants have extensive experience reviewing BAS, IoT,and automation devices. We're experienced in assessing standalone devices as well as "system of system" deployments commonly found in modern smart buildings.

BAS Deployment Assessment

Our consultants have extensive experience with BAS assessments, datacenter reviews, "air gap" analysis, and full spectrum red team (including physical access) assessments.

Custom Security Engagements

Looking to solve a specific, custom problem? Have a security requirement that doesn't quite fit into a traditional security service description? Our experienced consultants can help

Our Tools and Managed Security Solutions

Worldwide BAS Enumeration

Our BASec (pronounced "BASIC") service scours the Internet in search for exposed buildings. Our BASec service provides automatic notification when a facility associated with your organization appears on the Internet

Automated BAS Password Analysis

Weak passwords represents one of the most commonly exploited mechanisms in BAS deployments. Our service periodically reviews user and device passwords within your BAS deployments and automatically notifies you when a weak password is discovered

Automated BAS Configuration Analysis

Managing configurations from multiple devices can be difficult and arduous. Our custom software automatically collects, decomposes, and analyses BAS configurations and compares each setting against your deployment policies

BAS Attack and Compromise Detection

Our software can automatically collect BAS security event logs and automatically scans for signals of attack or compromise. When strong indicators of compromise are discovered, our software can automatically notify your organization

BAS Nessus Plugins

WhiteScope has developed a number of Nessus/Tenable plugins which can help discover and enumerate building automation components within your networks.

BAS Protocol Fuzzing

Throughout the years of device assessments, WhiteScope has developed fuzzers for various BAS protocols such as: BACnet, LON, Zigbee, and serial protocols

Our Experience and Special Skills

WhiteScope consultants have had the privilege of working on some very exciting engagements. This section provides an overview of the various, special technologies where we have hands-on experience.


BAS 0-Day vulnerability research and discovery

BAS privilege escalation and pivot exploitation

Experience with the security of Tridium Niagara, WebCTRL, Andover, and MetaSys deployments

Experience working with network, wireless, and serial hardware and protocols

Web server, web browser, browser plug-in, and mobile device application security research

Are you ready to go?

We'd love to hear about your security challenges and we're eager to find ways to help