
Physical Penetration Testing - RootedCON 2015


A Physical Intrusion Test aims to gain physical access to a given location, and it is not a simple task. It requires preparation, research, analysis, coordination, a great deal of simulation, and the application of a flexible methodology that can adapt to the particular conditions of each target.

Analyzing the environment, evading all kinds of physical security systems, and working as a team (Red Team) are fundamental to achieving the intrusion and, with it, subsequent access to equipment, the network, and countless data in the target's facilities. If you want to know what a Red Team is and go deeper into carrying out physical intrusions, this is your talk.


  1. Physical Penetration Testing In Red Team Assessment
  2. Physical Penetration Testing?
  3. ME: EDUARDO ARRIOLS • Security Consultant • Co-Founder of HighSec • C|EH, E|CSA and other • Twitter: @_Hykeos • Blog: http://highsec.es
  4. 1. Introduction 2. Methodology 3. Practical Case 4. Conclusions
  5. 1. Introduction 2. Methodology 3. Practical Case 4. Conclusions
  6. Definition: Evaluation of physical security controls and procedures of the target facilities
  7. Why? No matter what security measures have been implemented in digital controls (firewall, IDS, etc.) when physical access is possible
  8. General Phases: 1. Planning and Intelligence: Obtain information about the building, physical security controls, etc. and perform intelligence tasks with that information to plan the attack 2. Breach: Access to the target building facilities
  9. Physical Penetration Testing; Digital Penetration Testing; Social Penetration Testing; Attack physical devices connected to the network; Phishing, Watering Hole…; Tailgating, Impersonation…; Red Team; Integral Security
  10. Red Team exercises: Controlled but real intrusion in an organization, using physical, digital or social vectors to obtain the most important asset of the company
  11. Red Team. Definition: Evaluation of security controls and the effectiveness of blue team. Multidisciplinary team: Specialists in physical, logical and social engineering security. Adversary mindset: Combined, silent and high-impact attack
  12. Penetration Testing vs Red Team. Penetration Testing (Digital) / Red Team: Finding, evaluating and exploiting vulnerabilities in one dimension / Finding, evaluating and exploiting only the vulnerabilities that make it possible to obtain the goals; Static methodology / Flexible methodology; No matter the attacker's profile / Obtain the attacker's profile; The security team is normally warned about the test / Without notice; Office schedule / 24 hours; Just finding and exploiting the vulnerabilities / Measure business impact of successful attacks
  13. General Phases: Information Gathering; Social & Physical Intrusion; Take Control of Devices; Network Access; Get Access to Servers; Search Assets; Exfiltrate Information
  14. 1. Introduction 2. Methodology 3. Practical Case 4. Conclusions
  15. Way: Planning and Intelligence; Breach; Defining Targets and Scope; Information Gathering; Preliminary Analysis; Reconnaissance (Passive and Active); Intelligence; Planning and Analysis; Practice; Execution
  16. Planning and Intelligence • Information Gathering – Understanding the company and their most important assets – Where are those assets? • Reconnaissance - Passive – Walk around the building – Driveway – Windows (lateral, interior, exterior, parallel opening) – Exits
  17. Planning and Intelligence • Reconnaissance - Active – Surveillance of employees and guards – Uniforms and badges – Locate elevators – Blind sectors of cameras and sensors – Walk around the public area inside the building – Locate the boardroom – Wireless networks – Emergency maps • Intelligence – Evaluate conversation opportunity with staff – Gathering information about employees
  18. Breach • Bypass of access control – Lock Picking – Tailgating – Key pad – Biometric – Badges • Contactless • Smartcard • Magnetic – Uncontrolled physical access • Windows • Garage
  19. Breach • Bypass of sensors and alarms – Motion sensor • PIR • Photoelectric • Ultrasonic – Magnetic sensor – Communications systems inhibition • Bypass of surveillance systems • Social Engineering for obtaining physical access
  20. And then? (Red Team) • Exploitation and access to the corporate network (Red Team) – Physical backdoor (Pwn Plug, Raspberry, etc.) – External device (Keylogger, Network Sniffer, etc.) – Access to unprotected computers (Kon-Boot, etc.) – Call Interception (Telephony and VoIP) – Kiosks and hardware devices • Obtaining confidential information (Objective)
  21. 1. Introduction 2. Methodology 3. Practical Case 4. Conclusions
  22. Practical Case
  23. Practical Case
  24. Rooted Technology S.L.
  25. Elevator; Ground floor; Rooted Technology S.L.
  26. Elevator; Garage; Rooted Technology S.L.
  27. Elevator; Objective floor; Rooted Technology S.L.
  28. Equipment
  29. Equipment
  30. Planning and Intelligence
  31. Reconnaissance (Passive): Using Google, Maps and Street
  32. Reconnaissance (Passive): Using Google, Maps and Street
  33. Reconnaissance (Passive): Using Google, Maps and Street
  34. Reconnaissance (Passive): Using Google, Maps and Street
  35. Reconnaissance (Passive): Using Google, Maps and Street
  36. Reconnaissance (Active): Using civil drones
  37. Reconnaissance (Active): Night Reconnaissance VS
  38. Reconnaissance (Active): Night Reconnaissance VS
  39. Information Collection: Dumpster Diving
  40. Information Gathering: Shoulder Surfing
  41. Information Gathering: Social Engineering
  42. Information Gathering: Interception of radio communications
  43. Breach
  44. Bypass of Access Control: Bypass of RFID Access Control
  45. Bypass of Access Control: Bypass of RFID Access Control 1. Read employee card 2. Clone employee card If that fails: 3. Analyze 4. Change content or Emulate / Brute Force
  46. Bypass of Access Control: Bypass of RFID Access Control
  47. Internal Reconnaissance: Reconnaissance of Internal Security Measures
  48. Bypass of Security Measures: Bypass of Alarm System
  49. Bypass of Security Measures: Bypass of Magnetic Sensor
  50. Bypass of Security Measures: Bypass of Magnetic Sensor
  51. Bypass of Security Measures: Bypass of Motion Sensor
  52. Bypass of Security Measures: Bypass of Motion Sensor; Nothing; Minimal change; Alert
  53. Bypass of Security Measures: Bypass of Motion Sensor
  54. Bypass of Security Measures: Bypass of Motion Sensor
  55. Bypass of Security Measures: Bypass of Motion Sensor
  56. Bypass of Security Measures: Bypass of Photoelectric Sensor
  57. Bypass of Security Measures: Bypass of Photoelectric Sensor
  58. Bypass of Security Measures: Bypass of Alarm System
  59. Bypass of Security Measures: Bypass of Alarm System
  60. Bypass of Security Measures: Bypass of Magnetic Card / Keypad Access
  61. Bypass of Security Measures: Bypass of Magnetic Card / Keypad Access
  62. Bypass of Security Measures: Bypass of Magnetic Card / Keypad Access
  63. Elevator; Garage; How do we do it?
  64. Elevator; First Floor; How do we do it?
  65. Elevator; Ground floor; How do we do it?
  66. Elevator; Ground floor; How do we do it?
  67. 1. Introduction 2. Methodology 3. Practical Case 4. Conclusions
  68. Conclusions: Creativity and lateral thinking are required to carry out a real physical intrusion. The Red Team approach is a solution for conducting a comprehensive, integral security evaluation of an organization.
  69. Questions
