Penetration Testing mailing list archives

Re: pentest physical security


From: intel96 <intel96 () bellsouth net>
Date: Sat, 26 Aug 2006 11:26:29 -0400

Mervyn,

You are off point here with the topic, which is physical security
pentesting.  So I will provide you some insight into the article you
suggested. 

Using USB flash drives to circumvent logical security is a new twist to
an old game.  The old game was to use a CD marked with something like
"confidential  -  companyname finances" loaded with Trojan software. 
This attack vector worked all the time. 

A better attack is sending someone a repackaged commercial piece of
software with a custom Trojan.  This attack is targeted based on the
role of the person at the company.  Examples include sending a finance
person a new update to Quickbooks or an engineer a copy of AutoCad. 
This attack vector worked all the time. 

Another twist that also works is sending a new piece of hardware (e.g.
switch, router, server, etc.) to a company that has been physically
modified to assist you in gaining access to the network after it has been
installed. 

These latter attacks cost money, but are used today to gain access to
corporations. 

OK, now let's get back on point with physical security.




Mervyn Heng wrote:
You don't even need physical access. This article shows why.
http://www.darkreading.com/document.asp?doc_id=95556&WT.svl=column1_1

On 8/25/06, *intel96* <intel96 () bellsouth net> wrote:

    Posing as a cleaning person allows you to obtain unrestricted access
    into some sensitive locations (e.g. CxO offices).  The trash makes a
    great place to hide disk duplication equipment, hardware keystroke
    loggers and other equipment. The disk duplication equipment allows you
    to copy the laptop and desktop hard drives without stealing them.  The
    keystroke loggers allow you to obtain passwords for encrypted files and
    other applications.

    Posing as HVAC personnel also works.

    The cleaning crews can expose MAJOR gaps in an organization's security
    posture as noted below:

    I once provided a FREE physical security inspection and a vulnerability
    assessment to a Fortune 500 telecommunications firm (requirement for a
    Master's degree).  Part of my assessment was to question the cleaning
    company that provided services to this telecommunications firm.  The
    cleaning company did not verify anything about their workers and most
    were from Asian countries (mostly Korea and China).  These workers had
    unrestricted access into development areas for new products (e.g.
    cellular, networking, etc.).

    When I provided my final report to the company nothing changed.  I know
    this because I worked at this company for a year after the report and
    caught several cleaning people in restricted areas looking at project
    information.  When asked what they were doing they stated that they did
    not understand English and hurried away...



    JJacoby wrote:
    > My experience has been that there are two groups that have nearly
    > unfettered and unescorted access to all spaces: private security
    > guards, and the cleaning crew.  Both are poorly paid and on the bottom
    > of the social scale, so employees don't want to be seen having any
    > contact with them.  Duplicate their appearance and you will be shunned.
    >
    > Try to observe the cleaning crew's appearance, doors used, etc.
    > Cleaning crews leave doors open / unlocked / propped all the time.
    > They work after hours, so there are few (if any) employees around to
    > watch you shove laptops into your trash bin.
    >
    > Stonewall
    >
    >
    > -----Original Message-----
    > From: Cedric Blancher [mailto:blancher () cartel-securite fr]
    > Sent: Tuesday, August 15, 2006 10:28 AM
    > To: scott
    > Cc: pen-test () securityfocus com
    > Subject: Re: pentest physical security
    >
    > On Monday 31 July 2006 at 00:49 -0400, scott wrote:
    >
    >> Okay, I've been contacted about pentesting physical security system
    >> for a medium size company that is integrating IT & physical
    >> security, i.e. cameras, id gates, etc.
    >> I'm not exactly sure where to start, other than the obvious;
    >> passwords, permissions, etc.
    >>
    >
    > Maybe some clue here:
    >
    >
    > http://recon.cx/en/f/sconheady-social-engineering-for-pen-testers.pdf
    >
    >
    > --
    > http://sid.rstack.org/
    > PGP KeyID: 157E98EE FingerPrint: FA62226DA9E72FA8AECAA240008B480E157E98EE
    >
    >>> Hi! I'm your friendly neighbourhood signature virus.
    >>> Copy me to your signature file and help me spread!
    >>>
    >
    >
    ------------------------------------------------------------------------
    > This List Sponsored by: Cenzic
    >
    > Need to secure your web apps?
    > Cenzic Hailstorm finds vulnerabilities fast.
    > Click the link to buy it, try it or download Hailstorm for FREE.
    > http://www.cenzic.com/products_services/download_hailstorm.php
    >
    ------------------------------------------------------------------------