RE: Physical Security - Pen Test

["Shenk, Jerry A" <jshenk () decommunications com>]

Johnny has that presentation and more in a book too....and it's a easy
read.  I think the key is learning about the company you're
testing...learn as much as you can and then apply it.  As was said...the
book will give you ideas...for protecting your own stuff too;)

-----Original Message-----
From: listbounce () securityfocus com [mailto:listbounce () securityfocus com]
On Behalf Of M.D.Mufambisi
Sent: Tuesday, March 31, 2009 12:06 PM
To: iadcc
Cc: pen-test () securityfocus com
Subject: Re: Physical Security - Pen Test

Hi Paul,

There is a Defcon 2007 presentation by Johnny Long called "No Tech
Hacking". It should give you lots of ideas.Its not a framework....but
it will give you a lot of ideas. had it but for some reason, the files
are corrupt. If you can, may i please have the social engineering bit
you have developed?

Regards,

Munyaradzi Mufambisi



On 3/30/09, iadcc <paul.needham () derby gov uk> wrote:
> Has anybody ever conducted a physical security penetration test? Do
you have
> a sample test plan you used? I have formulated some Social Engineering
tests
> we could try but anything else would be useful./
> --
> View this message in context:
http://www.nabble.com/Physical-Security---Pen-Test-tp22778302p22778302.h
tml
> Sent from the Penetration Testing mailing list archive at Nabble.com.
------------------------------------------------------------------------
> This list is sponsored by: InfoSec Institute
>
> No time or budget for traveling to a training course in this fiscal
year?
> Check out the online penetration testing courses available at InfoSec
> Institute. More than a boring "talking head", train in our virtual
labs for
> a total hands-on training experience. Get the certs you need as well:
CEH,
> CPT, CEPT, ECSA, LPT.
>
> http://www.infosecinstitute.com/request_online_training.html
------------------------------------------------------------------------
>

------------------------------------------------------------------------
This list is sponsored by: InfoSec Institute

No time or budget for traveling to a training course in this fiscal
year? Check out the online penetration testing courses available at
InfoSec Institute. More than a boring "talking head", train in our
virtual labs for a total hands-on training experience. Get the certs you
need as well: CEH, CPT, CEPT, ECSA, LPT.

http://www.infosecinstitute.com/request_online_training.html
------------------------------------------------------------------------


**DISCLAIMER
This e-mail message and any files transmitted with it are intended for the use of the individual or entity to which 
they are addressed and may contain information that is privileged, proprietary and confidential. If you are not the 
intended recipient, you may not use, copy or disclose to anyone the message or any information contained in the 
message. If you have received this communication in error, please notify the sender and delete this e-mail message. The 
contents do not represent the opinion of D&E except to the extent that it relates to their official business.

------------------------------------------------------------------------
This list is sponsored by: InfoSec Institute

No time or budget for traveling to a training course in this fiscal year? Check out the online penetration testing 
courses available at InfoSec Institute. More than a boring "talking head", train in our virtual labs for a total 
hands-on training experience. Get the certs you need as well: CEH, CPT, CEPT, ECSA, LPT.

http://www.infosecinstitute.com/request_online_training.html
------------------------------------------------------------------------