For diligence, EDD and corporate intelligence teams

Visible exposure, local context

Around hotels, riads, real estate and retail sites in Morocco, I assess internet-facing exposure, verify it on the ground, and map the informal local practices that shape inherited risk.

EDD Pre-signing diligence Field verification Technical annexes

Assessment Focus

  • Transaction risksinherited technical exposure, brand abuse, booking fraud, staff-channel leakage and compliance burden at integration.
  • Public exposureinternet-facing camera and NVR services, exposed interfaces, domain traces and platform signals visible from outside.
  • Validation gapsinternal topology, credentials, firmware state, segmentation and compromise are not asserted without authorised access.
  • Operating contexthospitality density, staff and vendor workflow indicators, informal administration and constraints visible from the field.
  • Visible infrastructurecamera placement, connectivity traces, device estate where observable, vendor marks and local technical conditions.
  • Wireless baselineWi-Fi density, WPS exposure, band usage, hardware indicators and district-level patterns collected passively.

How Firms Use It

Exposure Memo

Outside view of visible digital exposure before deeper diligence or authorised site access.

Field Verification Note

Site, district or corridor observations where documentation and operating reality may diverge.

Technical Annex

A digital and field layer inside EDD, investment risk, corporate intelligence or counsel reports.

Public Evidence

Digital Infrastructure and Operational Risk in the medina of Fez

Independent OSINT and field assessment of internet-facing surveillance exposure and local wireless conditions in the Fez medina. Field collection on foot over four days: 1,027 unique BSSIDs, 76.3% WPS-enabled, zero enterprise-grade deployments.

Executive brief Full report, 19 pages
Illustrative report format Hospitality portfolio pre-investment digital risk assessment

Scenario-based format showing how district indicators, inherited technical exposure, brand abuse, staff-channel risk and compliance burden can be written for a transaction file.

Executive brief Full report, 14 pages

Working Standard

Findings use ICD-203 style confidence language, with observed, inferred and unverified material kept separate. Analysis is framed against regional threat actor tradecraft, including access brokers, fraud operators and intelligence-adjacent collectors, with MITRE ATT&CK mapping where useful. Collection is passive: no active probing, unauthorised access or credential testing. Work can be conducted under NDA and structured to a firm's house format. Client matters are not disclosed.

Contact

For scoped Morocco digital risk intelligence, field verification or annex support: direct@robpinna.com

For mandate teams Mandate support Field Notes LinkedIn