RE: pentest physical security

["Upadhyaya, Vijay" <vupadhyaya () ipolicynetworks com>]

Hi, 
Wear excellent expensive outfit (business) with chauffer driven car and a
secretary right in to the company, and try show as if u are bigshot VC and
want to meet CEO or any other important person, or may be u can
impersonate spot audit check from ISO if ISO certified or any other
regulatory firm, 
See if they are allowing u in. 
Goal is to bypass all their physical security measures and get inside the
facility.
2 Cents.
Regards, 
Vijay

-----Original Message-----
From: Cedric Blancher [mailto:blancher () cartel-securite fr] 
Sent: Tuesday, August 15, 2006 10:28 AM
To: scott
Cc: pen-test () securityfocus com
Subject: Re: pentest physical security

Le lundi 31 juillet 2006 à 00:49 -0400, scott a écrit :
> Okay,I've been contacted about pentesting physical security system for 
> a  medium size company that is integrating IT & physical 
> security,ie;cameras,id gates,etc.
> I'm not exactly sure where to start,other than the 
> obvious;passwords,permissions,etc.

Maybe some clue here:

http://recon.cx/en/f/sconheady-social-engineering-for-pen-testers.pdf


-- 
http://sid.rstack.org/
PGP KeyID: 157E98EE FingerPrint: FA62226DA9E72FA8AECAA240008B480E157E98EE
> > Hi! I'm your friendly neighbourhood signature virus.
> > Copy me to your signature file and help me spread!

------------------------------------------------------------------------
This List Sponsored by: Cenzic

Need to secure your web apps?
Cenzic Hailstorm finds vulnerabilities fast.
Click the link to buy it, try it or download Hailstorm for FREE.
http://www.cenzic.com/products_services/download_hailstorm.php
------------------------------------------------------------------------

Attachment: smime.p7s
Description: