Penetration Testing mailing list archives
Re: pentest physical security
From: "JJacoby" <jjacoby () stonewallsecurity com>
Date: Thu, 24 Aug 2006 08:38:43 -0400
My experience has been that there are two groups that have nearly unfettered and unescorted access to all spaces: private security guards, and the cleaning crew. Both are poorly paid and on the bottom of the social scale, so employees don't want to be seen having any contact with them. Duplicate their appearance and you will be shunned. Try to observe the cleaning crew's appearance, doors used, etc. Cleaning crews leave doors open / unlocked / propped all the time. They work after hours, so there are few (if any) employees around to watch you shove laptops into your trash bin. Stonewall -----Original Message----- From: Cedric Blancher [mailto:blancher () cartel-securite fr] Sent: Tuesday, August 15, 2006 10:28 AM To: scott Cc: pen-test () securityfocus com Subject: Re: pentest physical security Le lundi 31 juillet 2006 à 00:49 -0400, scott a écrit :
Okay,I've been contacted about pentesting physical security system for a medium size company that is integrating IT & physical security,ie;cameras,id gates,etc. I'm not exactly sure where to start,other than the obvious;passwords,permissions,etc.
Maybe some clue here: http://recon.cx/en/f/sconheady-social-engineering-for-pen-testers.pdf -- http://sid.rstack.org/ PGP KeyID: 157E98EE FingerPrint: FA62226DA9E72FA8AECAA240008B480E157E98EE
Hi! I'm your friendly neighbourhood signature virus. Copy me to your signature file and help me spread!
------------------------------------------------------------------------ This List Sponsored by: Cenzic Need to secure your web apps? Cenzic Hailstorm finds vulnerabilities fast. Click the link to buy it, try it or download Hailstorm for FREE. http://www.cenzic.com/products_services/download_hailstorm.php ------------------------------------------------------------------------ ------------------------------------------------------------------------ This List Sponsored by: Cenzic Need to secure your web apps? Cenzic Hailstorm finds vulnerabilities fast. Click the link to buy it, try it or download Hailstorm for FREE. http://www.cenzic.com/products_services/download_hailstorm.php ------------------------------------------------------------------------
Current thread:
- Re: pentest physical security nospam (Aug 02)
- <Possible follow-ups>
- Re: pentest physical security Neil (Aug 02)
- Re: pentest physical security Cedric Blancher (Aug 16)
- RE: pentest physical security Upadhyaya, Vijay (Aug 23)
- Re: pentest physical security JJacoby (Aug 24)
- Re: pentest physical security intel96 (Aug 25)
- Message not available
- Re: pentest physical security intel96 (Aug 26)
- Re: pentest physical security intel96 (Aug 25)