SlideShare a Scribd company logo

Physical-Penetration-Presentation-Tina-Ellis.pptx

D
data68

A presentation on Physical Penetration Testing, I completed for a college course.

Technology
1 of 12
Physical Penetration Testing A Pen-Tester’s Toolkit ‣ Tina Ellis ‣ March 9th, 2022
What is Physical Penetration Testing? Physical penetration testing is used to identify weaknesses in physical security systems that attackers could exploit to gain access to the facilities. Physical penetration testers (pentesters) are hired by organizations to test standing security policies for the purpose of exposing unknown vulnerabilities. 90% of network security is removed once a threat actor has physical access - Wil Allsopp, Unauthorized Access: Physical Penetration Testing For IT Security Teams Photo Courtesy of DarknetDiaries.com
Five Phases of Physical Penetration Testing Reconnaissance OSINT Intelligence Gathering: ‣ Social Media ‣ Public Records ‣ Attack Surface Data Communicate with Client Scanning and Probing Travel to Location Identify Potential Targets Physical Observations Create Exploitation Plan Acquire Resources Communicate with Client Exploitation Social Engineering Bypass Physical Barriers Bypass Doors Communicate with Client Post-Exploitation Identify Ways to Steal Information: Gain Access to Sensitive Areas Network Jacks in Public Areas Dumpster Diving Communicate with Client Reporting Intelligence Gathered Remediation Suggestions: Training Opportunities Camera Blind Spots Door/Gate Improvements Alarm Evaluations
An Attacker Mindset Pentesters know precisely how criminals might gain access to both computer systems and buildings and employ a variety of tools and methods to gain access to a facility. - RedTeamSecure.com Photo Courtesy of DarknetDiaries.com
OSINT CATEGORY APPLICATION INTELLIGENCE TOOL Social Media Intelligence [SOCMINT] Digital Network Intelligence [DNINT] Vehicle and Transportation Intelligence [VATINT] Mapping and Geo-Spatial Intelligence [GEOINT] Hunting ground for company and employee information. Identify technologies used and vulnerabilities that can be exploited. Track down company vehicle information. Vehicles can be acquired to blend in. Identify possible attack vectors (access points). ‣ Uniforms & Badges ‣ Name & Photo Identification ‣ Coffee & Lunch Hangouts ‣ Network and Systems ‣ Language & Technologies ‣ Possible Attack Vectors ‣ Host, DNS, & Mail Server Info ‣ IoT Device and Open Ports ‣ Public AWS or Azure Buckets ‣ Area Public Wi-Fi AP’s ‣ Vendor Vulnerabilities ‣ Vehicle Recognition ‣ VIN Identification ‣ License Plate Lookup ‣ Internet Infrastructure ‣ Satellite Images ‣ Drone Images ‣ Street View Images ‣ Historical Facility Images ‣ CCTV Live Video Feeds Google, OpenPayrolls, GoFindWho, OnePlus OSINT Toolkit, SkyLens, Social- Search, Melissa Lookups, Company & Employee Social Media Pages, and Job Postings Open Directories CSE, WhoisFreaks, CentralOps, ZoomEye, IntoDNS, Wappalyzer, HackerTarget, Pulsedive, WiGLE, WiFi Map, Shodan, Zoom Eye, Natlas, Public Buckets, CVE Details CarNetAI, VehicleHistory, FaxVIN GoogleMaps, Soar Earth, Wayback World Imagery, GeoHack Tools, FreeMapTools, HawkEye360, Satelite.pro, Infrapedia Map, TravelWithDrone, CCTV Reconnaissance Phase Pentesters use a variety of Open-Source Intelligence (OSINT) tools to gather information about their target. *These are just examples of the OSINT tools available. Actual tools vary.
Scanning and Probing Phase Pentesters travel to the location and begin formalizing the exploitation plan. Physical observations are conducted in person. Night reconnaissance might include locating camera location by using night-vision goggles to see the infrared light emitted by night surveillance cameras. Door, Gate, and Lock Brand information is gathered. SOC location is identified, and any interesting info noted. Resources are acquired: Pentesters scan and clone badges, put together disguises, rent vehicles, and put together their toolkit. Exploitation plan is created: After all the intelligence is gathered an exploitation plan is created and shared with the client. A “get-out-of-jail-free” card is acquired that proves their identity if they get caught Pentesters communicate heavily with the parties. They also notify local authorities of their plan, so that they are not caught off guard. These steps are an important part of maintaining the safety of all parties involved. Photo Courtesy of DarknetDiaries.com
Exploitation Phase This is the phase where pentesters deploy their physical penetration testing plan. To implement this plan, pentesters use a variety of tools and methods, some technical and some not. Social engineering is one non-technical approach that pentesters may employ to circumvent security controls. Pentesters may use impersonation, disguises, badges, and a sense of urgency to blend in or gain access to sensitive systems and information. Physical access may also be obtained by observing the physical layout of the premises and identifying weak areas of security that do not require any special tools. Unlocked doors and unmonitored entryways provide an opportunity for access. Bypassing security controls may also be an option by employing bypass tools such as plug spinners, hinge pin tools, door and gate tools, generic keys, and SEARAT tools. Photo Courtesy of DarknetDiaries.com
The Physical Penetration Tools Long range RFID readers and a Proxmark III for cloning cards Disguises: Safety vests, uniforms, company cars, hard hats, lanyards Multimeter, for equipment testing and failure issues. Camera, flashlight, GoPro, Binoculars Ladders of various heights LANstar, LAN Cables, Small Wireless Router, for Network System Access Raspberry Pi’s – Plug into Network Connection for Network Access Shortwave radios for communication
The Physical Penetration Tools Borescope to see under doors or around corners Night Vision Goggles: See at night and locate night vision cameras Fence keys: Linear & Door King have generic keys available on Amazon Wool blanket to protect your body from barbed-wire fences Door Tools: Double Door Tools, Under the Door Tools, Shove-It Tool, Lockpicks Plug Spinner: Prevents pins from reengaging after lockpick, and re-locks Hinge Pin Tool: Spring-loaded tool used to pop hinges off doors SEARAT: all-in-one entry tool includes key blade, Window-Breaker, Gas Shut-off
Post-Exploitation Phase During the Post-Exploitation phase, the pentesters identify the opportunities where information could be stolen. They do not actually steal anything but take pictures or leave evidence (like a business card), to prove that they could have stolen information. ‣ Gain Access to Sensitive Areas ‣ Network Jacks in Public Areas ‣ Dumpster Diving Photo Courtesy of DarknetDiaries.com
Reporting Phase After the exploitation plan has been executed, pentesters compile their findings and create a report. The report includes any intelligence that was gathered during the reconnaissance and probing phases; a list of detailed steps and methods that were taken during the exploitation phase, as well as remediation suggestions that will improve an organization's overall security program. Physical pentesters “undertake wildly ambitious and incredibly complex activities intended to reveal opportunities for a potential real-life showdown between good and evil - a heavily defended company against a would-be attacker" - RedTeamSecure.com
References Darknet Diaries. (2021, June 22). Retrieved from https://darknetdiaries.com/ Deane, A. J., & Kraus, A. (2021). The official (ISC)2 CCSP Cbk Reference. Sybex. Halton, W., & Weaver, B. (2017). Penetration Testing: A Survival Guide. Packt Publishing. Mike Sheward. (2020). Security Operations in Practice. BCS, The Chartered Institute for IT. Rhysider, J. (Host). (2021, June 22). Jon and Brian's Big Adventure [Audio podcast]. Retrieved from https://darknetdiaries.com/transcript/95/ RedTeam Security, R. (n.d.). Physical penetration testing services: RedTeam Security. RedTeam Security - 5200 Willson Rd. Suite 150, Edina, MN 55424. Retrieved March 4, 2022, from https://www.redteamsecure.com/penetration- testing/physical-penetration-testing Sillanpää, M., & Hautamäki, J. (2020, July). Social Engineering Intrusion: A Case Study. In Proceedings of the 11th International Conference on Advances in Information Technology (pp. 1-5). Young, J. A. (2020). The Development of a Red Teaming Service-Learning Course. Journal of Information Systems Education, 31(3), 157–178. Photo Courtesy of DarknetDiaries.com

Recommended

Physical Penetration Testing (RootedCON 2015)
Physical Penetration Testing (RootedCON 2015)Physical Penetration Testing (RootedCON 2015)
Physical Penetration Testing (RootedCON 2015)Eduardo Arriols Nuñez
 
Social Media Forensics
Social Media ForensicsSocial Media Forensics
Social Media ForensicsJohn J. Carney, Esq.
 
Threat Intelligence 101 - Steve Lodin - Submitted
Threat Intelligence 101 - Steve Lodin - SubmittedThreat Intelligence 101 - Steve Lodin - Submitted
Threat Intelligence 101 - Steve Lodin - SubmittedSteve Lodin
 
Introduction to ethical hacking
Introduction to ethical hackingIntroduction to ethical hacking
Introduction to ethical hackingankit sarode
 
Insider Threats Webinar Final_Tyco
Insider Threats Webinar Final_TycoInsider Threats Webinar Final_Tyco
Insider Threats Webinar Final_TycoMatt Frowert
 
Enterprise Open Source Intelligence Gathering
Enterprise Open Source Intelligence GatheringEnterprise Open Source Intelligence Gathering
Enterprise Open Source Intelligence GatheringTom Eston
 
OSINT- Leveraging data into intelligence
OSINT- Leveraging data into intelligenceOSINT- Leveraging data into intelligence
OSINT- Leveraging data into intelligenceDeep Shankar Yadav
 
Penetration Testing Tutorial | Penetration Testing Tools | Cyber Security Tra...
Penetration Testing Tutorial | Penetration Testing Tools | Cyber Security Tra...Penetration Testing Tutorial | Penetration Testing Tools | Cyber Security Tra...
Penetration Testing Tutorial | Penetration Testing Tools | Cyber Security Tra...Edureka!
 

Recommended

Physical Penetration Testing (RootedCON 2015)
Physical Penetration Testing (RootedCON 2015)Physical Penetration Testing (RootedCON 2015)
Physical Penetration Testing (RootedCON 2015)Eduardo Arriols Nuñez
 
Social Media Forensics
Social Media ForensicsSocial Media Forensics
Social Media ForensicsJohn J. Carney, Esq.
 
Threat Intelligence 101 - Steve Lodin - Submitted
Threat Intelligence 101 - Steve Lodin - SubmittedThreat Intelligence 101 - Steve Lodin - Submitted
Threat Intelligence 101 - Steve Lodin - SubmittedSteve Lodin
 
Introduction to ethical hacking
Introduction to ethical hackingIntroduction to ethical hacking
Introduction to ethical hackingankit sarode
 
Insider Threats Webinar Final_Tyco
Insider Threats Webinar Final_TycoInsider Threats Webinar Final_Tyco
Insider Threats Webinar Final_TycoMatt Frowert
 
Enterprise Open Source Intelligence Gathering
Enterprise Open Source Intelligence GatheringEnterprise Open Source Intelligence Gathering
Enterprise Open Source Intelligence GatheringTom Eston
 
OSINT- Leveraging data into intelligence
OSINT- Leveraging data into intelligenceOSINT- Leveraging data into intelligence
OSINT- Leveraging data into intelligenceDeep Shankar Yadav
 
Penetration Testing Tutorial | Penetration Testing Tools | Cyber Security Tra...
Penetration Testing Tutorial | Penetration Testing Tools | Cyber Security Tra...Penetration Testing Tutorial | Penetration Testing Tools | Cyber Security Tra...
Penetration Testing Tutorial | Penetration Testing Tools | Cyber Security Tra...Edureka!
 
OSINT with Practical: Real Life Examples
OSINT with Practical: Real Life ExamplesOSINT with Practical: Real Life Examples
OSINT with Practical: Real Life ExamplesSyedAmoz
 
Supply Chain Attacks
Supply Chain AttacksSupply Chain Attacks
Supply Chain AttacksLionel Faleiro
 
STIC XV CCN-CERT - Cibervigilancia con warrior (Ivan Portillo y Wiktor Nykiel)
STIC XV CCN-CERT - Cibervigilancia con warrior (Ivan Portillo y Wiktor Nykiel)STIC XV CCN-CERT - Cibervigilancia con warrior (Ivan Portillo y Wiktor Nykiel)
STIC XV CCN-CERT - Cibervigilancia con warrior (Ivan Portillo y Wiktor Nykiel)Iván Portillo
 
Effective Threat Hunting with Tactical Threat Intelligence
Effective Threat Hunting with Tactical Threat IntelligenceEffective Threat Hunting with Tactical Threat Intelligence
Effective Threat Hunting with Tactical Threat IntelligenceDhruv Majumdar
 
Threat Hunting with Splunk Hands-on
Threat Hunting with Splunk Hands-onThreat Hunting with Splunk Hands-on
Threat Hunting with Splunk Hands-onSplunk
 
How MITRE ATT&CK helps security operations
How MITRE ATT&CK helps security operationsHow MITRE ATT&CK helps security operations
How MITRE ATT&CK helps security operationsSergey Soldatov
 
MITRE ATT&CKcon 2.0: Using Threat Intelligence to Focus ATT&CK Activities; Da...
MITRE ATT&CKcon 2.0: Using Threat Intelligence to Focus ATT&CK Activities; Da...MITRE ATT&CKcon 2.0: Using Threat Intelligence to Focus ATT&CK Activities; Da...
MITRE ATT&CKcon 2.0: Using Threat Intelligence to Focus ATT&CK Activities; Da...MITRE - ATT&CKcon
 
Digital Forensics
Digital ForensicsDigital Forensics
Digital ForensicsOldsun
 
Purple Teaming the Cyber Kill Chain: Practical Exercises for Everyone Sector...
Purple Teaming the Cyber Kill Chain: Practical Exercises for Everyone Sector...Purple Teaming the Cyber Kill Chain: Practical Exercises for Everyone Sector...
Purple Teaming the Cyber Kill Chain: Practical Exercises for Everyone Sector...Chris Gates
 
Threat hunting and achieving security maturity
Threat hunting and achieving security maturityThreat hunting and achieving security maturity
Threat hunting and achieving security maturityDNIF
 
kill-chain-presentation-v3
kill-chain-presentation-v3kill-chain-presentation-v3
kill-chain-presentation-v3Shawn Croswell
 
NIST cybersecurity framework
NIST cybersecurity frameworkNIST cybersecurity framework
NIST cybersecurity frameworkShriya Rai
 
Sqrrl and IBM: Threat Hunting for QRadar Users
Sqrrl and IBM: Threat Hunting for QRadar UsersSqrrl and IBM: Threat Hunting for QRadar Users
Sqrrl and IBM: Threat Hunting for QRadar UsersSqrrl
 
CISSP-Certified.pptx
CISSP-Certified.pptxCISSP-Certified.pptx
CISSP-Certified.pptxssuser645549
 
Advanced Persistent Threats (APTs) - Information Security Management
Advanced Persistent Threats (APTs) - Information Security ManagementAdvanced Persistent Threats (APTs) - Information Security Management
Advanced Persistent Threats (APTs) - Information Security ManagementMayur Nanotkar
 
Hacker Halted 2016 - How to get into ICS security
Hacker Halted 2016 - How to get into ICS securityHacker Halted 2016 - How to get into ICS security
Hacker Halted 2016 - How to get into ICS securityChris Sistrunk
 
Cyber Threat Hunting: Identify and Hunt Down Intruders
Cyber Threat Hunting: Identify and Hunt Down IntrudersCyber Threat Hunting: Identify and Hunt Down Intruders
Cyber Threat Hunting: Identify and Hunt Down IntrudersInfosec
 
Cybersecurity roadmap : Global healthcare security architecture
Cybersecurity roadmap : Global healthcare security architectureCybersecurity roadmap : Global healthcare security architecture
Cybersecurity roadmap : Global healthcare security architecturePriyanka Aash
 
Cyber Threat Hunting Training (CCTHP)
Cyber Threat Hunting Training (CCTHP)Cyber Threat Hunting Training (CCTHP)
Cyber Threat Hunting Training (CCTHP)ENOInstitute
 
Cybersecurity trends - What to expect in 2023
Cybersecurity trends - What to expect in 2023Cybersecurity trends - What to expect in 2023
Cybersecurity trends - What to expect in 2023PECB
 
IRJET- A Survey on Object Detection using Deep Learning Techniques
IRJET- A Survey on Object Detection using Deep Learning TechniquesIRJET- A Survey on Object Detection using Deep Learning Techniques
IRJET- A Survey on Object Detection using Deep Learning TechniquesIRJET Journal
 
Physical Penetration Testing - RootedCON 2015
Physical Penetration Testing - RootedCON 2015Physical Penetration Testing - RootedCON 2015
Physical Penetration Testing - RootedCON 2015Hykeos
 

More Related Content

What's hot

OSINT with Practical: Real Life Examples
OSINT with Practical: Real Life ExamplesOSINT with Practical: Real Life Examples
OSINT with Practical: Real Life ExamplesSyedAmoz
 
STIC XV CCN-CERT - Cibervigilancia con warrior (Ivan Portillo y Wiktor Nykiel)
STIC XV CCN-CERT - Cibervigilancia con warrior (Ivan Portillo y Wiktor Nykiel)STIC XV CCN-CERT - Cibervigilancia con warrior (Ivan Portillo y Wiktor Nykiel)
STIC XV CCN-CERT - Cibervigilancia con warrior (Ivan Portillo y Wiktor Nykiel)Iván Portillo
 
Effective Threat Hunting with Tactical Threat Intelligence
Effective Threat Hunting with Tactical Threat IntelligenceEffective Threat Hunting with Tactical Threat Intelligence
Effective Threat Hunting with Tactical Threat IntelligenceDhruv Majumdar
 
Threat Hunting with Splunk Hands-on
Threat Hunting with Splunk Hands-onThreat Hunting with Splunk Hands-on
Threat Hunting with Splunk Hands-onSplunk
 
How MITRE ATT&CK helps security operations
How MITRE ATT&CK helps security operationsHow MITRE ATT&CK helps security operations
How MITRE ATT&CK helps security operationsSergey Soldatov
 
MITRE ATT&CKcon 2.0: Using Threat Intelligence to Focus ATT&CK Activities; Da...
MITRE ATT&CKcon 2.0: Using Threat Intelligence to Focus ATT&CK Activities; Da...MITRE ATT&CKcon 2.0: Using Threat Intelligence to Focus ATT&CK Activities; Da...
MITRE ATT&CKcon 2.0: Using Threat Intelligence to Focus ATT&CK Activities; Da...MITRE - ATT&CKcon
 
Digital Forensics
Digital ForensicsDigital Forensics
Digital ForensicsOldsun
 
Purple Teaming the Cyber Kill Chain: Practical Exercises for Everyone Sector...
Purple Teaming the Cyber Kill Chain: Practical Exercises for Everyone Sector...Purple Teaming the Cyber Kill Chain: Practical Exercises for Everyone Sector...
Purple Teaming the Cyber Kill Chain: Practical Exercises for Everyone Sector...Chris Gates
 
Threat hunting and achieving security maturity
Threat hunting and achieving security maturityThreat hunting and achieving security maturity
Threat hunting and achieving security maturityDNIF
 
kill-chain-presentation-v3
kill-chain-presentation-v3kill-chain-presentation-v3
kill-chain-presentation-v3Shawn Croswell
 
NIST cybersecurity framework
NIST cybersecurity frameworkNIST cybersecurity framework
NIST cybersecurity frameworkShriya Rai
 
Sqrrl and IBM: Threat Hunting for QRadar Users
Sqrrl and IBM: Threat Hunting for QRadar UsersSqrrl and IBM: Threat Hunting for QRadar Users
Sqrrl and IBM: Threat Hunting for QRadar UsersSqrrl
 
CISSP-Certified.pptx
CISSP-Certified.pptxCISSP-Certified.pptx
CISSP-Certified.pptxssuser645549
 
Advanced Persistent Threats (APTs) - Information Security Management
Advanced Persistent Threats (APTs) - Information Security ManagementAdvanced Persistent Threats (APTs) - Information Security Management
Advanced Persistent Threats (APTs) - Information Security ManagementMayur Nanotkar
 
Hacker Halted 2016 - How to get into ICS security
Hacker Halted 2016 - How to get into ICS securityHacker Halted 2016 - How to get into ICS security
Hacker Halted 2016 - How to get into ICS securityChris Sistrunk
 
Cyber Threat Hunting: Identify and Hunt Down Intruders
Cyber Threat Hunting: Identify and Hunt Down IntrudersCyber Threat Hunting: Identify and Hunt Down Intruders
Cyber Threat Hunting: Identify and Hunt Down IntrudersInfosec
 
Cybersecurity roadmap : Global healthcare security architecture
Cybersecurity roadmap : Global healthcare security architectureCybersecurity roadmap : Global healthcare security architecture
Cybersecurity roadmap : Global healthcare security architecturePriyanka Aash
 
Cyber Threat Hunting Training (CCTHP)
Cyber Threat Hunting Training (CCTHP)Cyber Threat Hunting Training (CCTHP)
Cyber Threat Hunting Training (CCTHP)ENOInstitute
 
Cybersecurity trends - What to expect in 2023
Cybersecurity trends - What to expect in 2023Cybersecurity trends - What to expect in 2023
Cybersecurity trends - What to expect in 2023PECB
 

What's hot (20)

OSINT with Practical: Real Life Examples
OSINT with Practical: Real Life ExamplesOSINT with Practical: Real Life Examples
OSINT with Practical: Real Life Examples
 
Supply Chain Attacks
Supply Chain AttacksSupply Chain Attacks
Supply Chain Attacks
 
STIC XV CCN-CERT - Cibervigilancia con warrior (Ivan Portillo y Wiktor Nykiel)
STIC XV CCN-CERT - Cibervigilancia con warrior (Ivan Portillo y Wiktor Nykiel)STIC XV CCN-CERT - Cibervigilancia con warrior (Ivan Portillo y Wiktor Nykiel)
STIC XV CCN-CERT - Cibervigilancia con warrior (Ivan Portillo y Wiktor Nykiel)
 
Effective Threat Hunting with Tactical Threat Intelligence
Effective Threat Hunting with Tactical Threat IntelligenceEffective Threat Hunting with Tactical Threat Intelligence
Effective Threat Hunting with Tactical Threat Intelligence
 
Threat Hunting with Splunk Hands-on
Threat Hunting with Splunk Hands-onThreat Hunting with Splunk Hands-on
Threat Hunting with Splunk Hands-on
 
How MITRE ATT&CK helps security operations
How MITRE ATT&CK helps security operationsHow MITRE ATT&CK helps security operations
How MITRE ATT&CK helps security operations
 
MITRE ATT&CKcon 2.0: Using Threat Intelligence to Focus ATT&CK Activities; Da...
MITRE ATT&CKcon 2.0: Using Threat Intelligence to Focus ATT&CK Activities; Da...MITRE ATT&CKcon 2.0: Using Threat Intelligence to Focus ATT&CK Activities; Da...
MITRE ATT&CKcon 2.0: Using Threat Intelligence to Focus ATT&CK Activities; Da...
 
Digital Forensics
Digital ForensicsDigital Forensics
Digital Forensics
 
Purple Teaming the Cyber Kill Chain: Practical Exercises for Everyone Sector...
Purple Teaming the Cyber Kill Chain: Practical Exercises for Everyone Sector...Purple Teaming the Cyber Kill Chain: Practical Exercises for Everyone Sector...
Purple Teaming the Cyber Kill Chain: Practical Exercises for Everyone Sector...
 
Threat hunting and achieving security maturity
Threat hunting and achieving security maturityThreat hunting and achieving security maturity
Threat hunting and achieving security maturity
 
kill-chain-presentation-v3
kill-chain-presentation-v3kill-chain-presentation-v3
kill-chain-presentation-v3
 
NIST cybersecurity framework
NIST cybersecurity frameworkNIST cybersecurity framework
NIST cybersecurity framework
 
Sqrrl and IBM: Threat Hunting for QRadar Users
Sqrrl and IBM: Threat Hunting for QRadar UsersSqrrl and IBM: Threat Hunting for QRadar Users
Sqrrl and IBM: Threat Hunting for QRadar Users
 
CISSP-Certified.pptx
CISSP-Certified.pptxCISSP-Certified.pptx
CISSP-Certified.pptx
 
Advanced Persistent Threats (APTs) - Information Security Management
Advanced Persistent Threats (APTs) - Information Security ManagementAdvanced Persistent Threats (APTs) - Information Security Management
Advanced Persistent Threats (APTs) - Information Security Management
 
Hacker Halted 2016 - How to get into ICS security
Hacker Halted 2016 - How to get into ICS securityHacker Halted 2016 - How to get into ICS security
Hacker Halted 2016 - How to get into ICS security
 
Cyber Threat Hunting: Identify and Hunt Down Intruders
Cyber Threat Hunting: Identify and Hunt Down IntrudersCyber Threat Hunting: Identify and Hunt Down Intruders
Cyber Threat Hunting: Identify and Hunt Down Intruders
 
Cybersecurity roadmap : Global healthcare security architecture
Cybersecurity roadmap : Global healthcare security architectureCybersecurity roadmap : Global healthcare security architecture
Cybersecurity roadmap : Global healthcare security architecture
 
Cyber Threat Hunting Training (CCTHP)
Cyber Threat Hunting Training (CCTHP)Cyber Threat Hunting Training (CCTHP)
Cyber Threat Hunting Training (CCTHP)
 
Cybersecurity trends - What to expect in 2023
Cybersecurity trends - What to expect in 2023Cybersecurity trends - What to expect in 2023
Cybersecurity trends - What to expect in 2023
 

Similar to Physical-Penetration-Presentation-Tina-Ellis.pptx

IRJET- A Survey on Object Detection using Deep Learning Techniques
IRJET- A Survey on Object Detection using Deep Learning TechniquesIRJET- A Survey on Object Detection using Deep Learning Techniques
IRJET- A Survey on Object Detection using Deep Learning TechniquesIRJET Journal
 
Physical Penetration Testing - RootedCON 2015
Physical Penetration Testing - RootedCON 2015Physical Penetration Testing - RootedCON 2015
Physical Penetration Testing - RootedCON 2015Hykeos
 
Corporate threat vector and landscape
Corporate threat vector and landscapeCorporate threat vector and landscape
Corporate threat vector and landscapeyohansurya2
 
pres_drone_forensics_program.pptx
pres_drone_forensics_program.pptxpres_drone_forensics_program.pptx
pres_drone_forensics_program.pptxVolgaTC
 
UMUC Monitoring, Auditing, Intrusion Detection, Intrusion Prev.docx
UMUC Monitoring, Auditing, Intrusion Detection, Intrusion Prev.docxUMUC Monitoring, Auditing, Intrusion Detection, Intrusion Prev.docx
UMUC Monitoring, Auditing, Intrusion Detection, Intrusion Prev.docxwillcoxjanay
 
The Need for Drone Forensic Investigation Standardisation (Evangelos Mantas) ...
The Need for Drone Forensic Investigation Standardisation (Evangelos Mantas) ...The Need for Drone Forensic Investigation Standardisation (Evangelos Mantas) ...
The Need for Drone Forensic Investigation Standardisation (Evangelos Mantas) ...DroneSec
 
Road map for actionable threat intelligence
Road map for actionable threat intelligenceRoad map for actionable threat intelligence
Road map for actionable threat intelligenceabhisheksinghcs
 
Securing Your Wearable Tech Brand
Securing Your Wearable Tech BrandSecuring Your Wearable Tech Brand
Securing Your Wearable Tech BrandSimon Loe
 
GDG Cloud Southlake #4 Biodun Awojobi and Wade Walters Security Programs and ...
GDG Cloud Southlake #4 Biodun Awojobi and Wade Walters Security Programs and ...GDG Cloud Southlake #4 Biodun Awojobi and Wade Walters Security Programs and ...
GDG Cloud Southlake #4 Biodun Awojobi and Wade Walters Security Programs and ...James Anderson
 
IRJET-Ethical Hacking
IRJET-Ethical HackingIRJET-Ethical Hacking
IRJET-Ethical HackingIRJET Journal
 
Operationalizing Security Intelligence
Operationalizing Security IntelligenceOperationalizing Security Intelligence
Operationalizing Security IntelligenceSplunk
 
Vulnerability Assessment and Penetration Testing using Webkill
Vulnerability Assessment and Penetration Testing using WebkillVulnerability Assessment and Penetration Testing using Webkill
Vulnerability Assessment and Penetration Testing using Webkillijtsrd
 
The Inmates Are Running the Asylum: Why Some Multi-Factor Authentication Tech...
The Inmates Are Running the Asylum: Why Some Multi-Factor Authentication Tech...The Inmates Are Running the Asylum: Why Some Multi-Factor Authentication Tech...
The Inmates Are Running the Asylum: Why Some Multi-Factor Authentication Tech...Clare Nelson, CISSP, CIPP-E
 
UMS Cybersecurity Awareness Seminar: Cybersecurity - Lessons learned from sec...
UMS Cybersecurity Awareness Seminar: Cybersecurity - Lessons learned from sec...UMS Cybersecurity Awareness Seminar: Cybersecurity - Lessons learned from sec...
UMS Cybersecurity Awareness Seminar: Cybersecurity - Lessons learned from sec...APNIC
 
Cyber Threat Hunting Workshop.pdf
Cyber Threat Hunting Workshop.pdfCyber Threat Hunting Workshop.pdf
Cyber Threat Hunting Workshop.pdfssuser4237d4
 
Cyber Threat Hunting Workshop.pdf
Cyber Threat Hunting Workshop.pdfCyber Threat Hunting Workshop.pdf
Cyber Threat Hunting Workshop.pdfssuser4237d4
 
Internet of Things: Government Keynote, Randy Garrett
Internet of Things: Government Keynote, Randy GarrettInternet of Things: Government Keynote, Randy Garrett
Internet of Things: Government Keynote, Randy GarrettGovLoop
 
Cyber Threat Hunting Workshop
Cyber Threat Hunting WorkshopCyber Threat Hunting Workshop
Cyber Threat Hunting WorkshopDigit Oktavianto
 

Similar to Physical-Penetration-Presentation-Tina-Ellis.pptx (20)

IRJET- A Survey on Object Detection using Deep Learning Techniques
IRJET- A Survey on Object Detection using Deep Learning TechniquesIRJET- A Survey on Object Detection using Deep Learning Techniques
IRJET- A Survey on Object Detection using Deep Learning Techniques
 
Physical Penetration Testing - RootedCON 2015
Physical Penetration Testing - RootedCON 2015Physical Penetration Testing - RootedCON 2015
Physical Penetration Testing - RootedCON 2015
 
Corporate threat vector and landscape
Corporate threat vector and landscapeCorporate threat vector and landscape
Corporate threat vector and landscape
 
pres_drone_forensics_program.pptx
pres_drone_forensics_program.pptxpres_drone_forensics_program.pptx
pres_drone_forensics_program.pptx
 
UMUC Monitoring, Auditing, Intrusion Detection, Intrusion Prev.docx
UMUC Monitoring, Auditing, Intrusion Detection, Intrusion Prev.docxUMUC Monitoring, Auditing, Intrusion Detection, Intrusion Prev.docx
UMUC Monitoring, Auditing, Intrusion Detection, Intrusion Prev.docx
 
The Need for Drone Forensic Investigation Standardisation (Evangelos Mantas) ...
The Need for Drone Forensic Investigation Standardisation (Evangelos Mantas) ...The Need for Drone Forensic Investigation Standardisation (Evangelos Mantas) ...
The Need for Drone Forensic Investigation Standardisation (Evangelos Mantas) ...
 
Road map for actionable threat intelligence
Road map for actionable threat intelligenceRoad map for actionable threat intelligence
Road map for actionable threat intelligence
 
Securing Your Wearable Tech Brand
Securing Your Wearable Tech BrandSecuring Your Wearable Tech Brand
Securing Your Wearable Tech Brand
 
GDG Cloud Southlake #4 Biodun Awojobi and Wade Walters Security Programs and ...
GDG Cloud Southlake #4 Biodun Awojobi and Wade Walters Security Programs and ...GDG Cloud Southlake #4 Biodun Awojobi and Wade Walters Security Programs and ...
GDG Cloud Southlake #4 Biodun Awojobi and Wade Walters Security Programs and ...
 
DarkWeb
DarkWebDarkWeb
DarkWeb
 
IRJET-Ethical Hacking
IRJET-Ethical HackingIRJET-Ethical Hacking
IRJET-Ethical Hacking
 
Operationalizing Security Intelligence
Operationalizing Security IntelligenceOperationalizing Security Intelligence
Operationalizing Security Intelligence
 
Vulnerability Assessment and Penetration Testing using Webkill
Vulnerability Assessment and Penetration Testing using WebkillVulnerability Assessment and Penetration Testing using Webkill
Vulnerability Assessment and Penetration Testing using Webkill
 
A6704d01
A6704d01A6704d01
A6704d01
 
The Inmates Are Running the Asylum: Why Some Multi-Factor Authentication Tech...
The Inmates Are Running the Asylum: Why Some Multi-Factor Authentication Tech...The Inmates Are Running the Asylum: Why Some Multi-Factor Authentication Tech...
The Inmates Are Running the Asylum: Why Some Multi-Factor Authentication Tech...
 
UMS Cybersecurity Awareness Seminar: Cybersecurity - Lessons learned from sec...
UMS Cybersecurity Awareness Seminar: Cybersecurity - Lessons learned from sec...UMS Cybersecurity Awareness Seminar: Cybersecurity - Lessons learned from sec...
UMS Cybersecurity Awareness Seminar: Cybersecurity - Lessons learned from sec...
 
Cyber Threat Hunting Workshop.pdf
Cyber Threat Hunting Workshop.pdfCyber Threat Hunting Workshop.pdf
Cyber Threat Hunting Workshop.pdf
 
Cyber Threat Hunting Workshop.pdf
Cyber Threat Hunting Workshop.pdfCyber Threat Hunting Workshop.pdf
Cyber Threat Hunting Workshop.pdf
 
Internet of Things: Government Keynote, Randy Garrett
Internet of Things: Government Keynote, Randy GarrettInternet of Things: Government Keynote, Randy Garrett
Internet of Things: Government Keynote, Randy Garrett
 
Cyber Threat Hunting Workshop
Cyber Threat Hunting WorkshopCyber Threat Hunting Workshop
Cyber Threat Hunting Workshop
 

Recently uploaded

2024: Domino Containers - The Next Step. News from the Domino Container commu...
2024: Domino Containers - The Next Step. News from the Domino Container commu...2024: Domino Containers - The Next Step. News from the Domino Container commu...
2024: Domino Containers - The Next Step. News from the Domino Container commu...Martijn de Jong
 
Powerful Google developer tools for immediate impact! (2023-24 C)
Powerful Google developer tools for immediate impact! (2023-24 C)Powerful Google developer tools for immediate impact! (2023-24 C)
Powerful Google developer tools for immediate impact! (2023-24 C)wesley chun
 
Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...
Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...
Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...Igalia
 
Driving Behavioral Change for Information Management through Data-Driven Gree...
Driving Behavioral Change for Information Management through Data-Driven Gree...Driving Behavioral Change for Information Management through Data-Driven Gree...
Driving Behavioral Change for Information Management through Data-Driven Gree...Enterprise Knowledge
 
[2024]Digital Global Overview Report 2024 Meltwater.pdf
[2024]Digital Global Overview Report 2024 Meltwater.pdf[2024]Digital Global Overview Report 2024 Meltwater.pdf
[2024]Digital Global Overview Report 2024 Meltwater.pdfhans926745
 
The 7 Things I Know About Cyber Security After 25 Years | April 2024
The 7 Things I Know About Cyber Security After 25 Years | April 2024The 7 Things I Know About Cyber Security After 25 Years | April 2024
The 7 Things I Know About Cyber Security After 25 Years | April 2024Rafal Los
 
Finology Group – Insurtech Innovation Award 2024
Finology Group – Insurtech Innovation Award 2024Finology Group – Insurtech Innovation Award 2024
Finology Group – Insurtech Innovation Award 2024The Digital Insurer
 
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...Drew Madelung
 
How to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected WorkerHow to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected WorkerThousandEyes
 
The Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdf
The Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdfThe Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdf
The Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdfEnterprise Knowledge
 
🐬 The future of MySQL is Postgres 🐘
🐬 The future of MySQL is Postgres 🐘🐬 The future of MySQL is Postgres 🐘
🐬 The future of MySQL is Postgres 🐘RTylerCroy
 
Evaluating the top large language models.pdf
Evaluating the top large language models.pdfEvaluating the top large language models.pdf
Evaluating the top large language models.pdfChristopherTHyatt
 
08448380779 Call Girls In Greater Kailash - I Women Seeking Men
08448380779 Call Girls In Greater Kailash - I Women Seeking Men08448380779 Call Girls In Greater Kailash - I Women Seeking Men
08448380779 Call Girls In Greater Kailash - I Women Seeking MenDelhi Call girls
 
Handwritten Text Recognition for manuscripts and early printed texts
Handwritten Text Recognition for manuscripts and early printed textsHandwritten Text Recognition for manuscripts and early printed texts
Handwritten Text Recognition for manuscripts and early printed textsMaria Levchenko
 
What Are The Drone Anti-jamming Systems Technology?
What Are The Drone Anti-jamming Systems Technology?What Are The Drone Anti-jamming Systems Technology?
What Are The Drone Anti-jamming Systems Technology?Antenna Manufacturer Coco
 
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...apidays
 
Boost PC performance: How more available memory can improve productivity
Boost PC performance: How more available memory can improve productivityBoost PC performance: How more available memory can improve productivity
Boost PC performance: How more available memory can improve productivityPrincipled Technologies
 
Histor y of HAM Radio presentation slide
Histor y of HAM Radio presentation slideHistor y of HAM Radio presentation slide
Histor y of HAM Radio presentation slidevu2urc
 
Strategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff
Strategize a Smooth Tenant-to-tenant Migration and Copilot TakeoffStrategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff
Strategize a Smooth Tenant-to-tenant Migration and Copilot Takeoffsammart93
 
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
08448380779 Call Girls In Diplomatic Enclave Women Seeking MenDelhi Call girls
 

Recently uploaded (20)

2024: Domino Containers - The Next Step. News from the Domino Container commu...
2024: Domino Containers - The Next Step. News from the Domino Container commu...2024: Domino Containers - The Next Step. News from the Domino Container commu...
2024: Domino Containers - The Next Step. News from the Domino Container commu...
 
Powerful Google developer tools for immediate impact! (2023-24 C)
Powerful Google developer tools for immediate impact! (2023-24 C)Powerful Google developer tools for immediate impact! (2023-24 C)
Powerful Google developer tools for immediate impact! (2023-24 C)
 
Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...
Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...
Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...
 
Driving Behavioral Change for Information Management through Data-Driven Gree...
Driving Behavioral Change for Information Management through Data-Driven Gree...Driving Behavioral Change for Information Management through Data-Driven Gree...
Driving Behavioral Change for Information Management through Data-Driven Gree...
 
[2024]Digital Global Overview Report 2024 Meltwater.pdf
[2024]Digital Global Overview Report 2024 Meltwater.pdf[2024]Digital Global Overview Report 2024 Meltwater.pdf
[2024]Digital Global Overview Report 2024 Meltwater.pdf
 
The 7 Things I Know About Cyber Security After 25 Years | April 2024
The 7 Things I Know About Cyber Security After 25 Years | April 2024The 7 Things I Know About Cyber Security After 25 Years | April 2024
The 7 Things I Know About Cyber Security After 25 Years | April 2024
 
Finology Group – Insurtech Innovation Award 2024
Finology Group – Insurtech Innovation Award 2024Finology Group – Insurtech Innovation Award 2024
Finology Group – Insurtech Innovation Award 2024
 
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
 
How to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected WorkerHow to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected Worker
 
The Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdf
The Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdfThe Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdf
The Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdf
 
🐬 The future of MySQL is Postgres 🐘
🐬 The future of MySQL is Postgres 🐘🐬 The future of MySQL is Postgres 🐘
🐬 The future of MySQL is Postgres 🐘
 
Evaluating the top large language models.pdf
Evaluating the top large language models.pdfEvaluating the top large language models.pdf
Evaluating the top large language models.pdf
 
08448380779 Call Girls In Greater Kailash - I Women Seeking Men
08448380779 Call Girls In Greater Kailash - I Women Seeking Men08448380779 Call Girls In Greater Kailash - I Women Seeking Men
08448380779 Call Girls In Greater Kailash - I Women Seeking Men
 
Handwritten Text Recognition for manuscripts and early printed texts
Handwritten Text Recognition for manuscripts and early printed textsHandwritten Text Recognition for manuscripts and early printed texts
Handwritten Text Recognition for manuscripts and early printed texts
 
What Are The Drone Anti-jamming Systems Technology?
What Are The Drone Anti-jamming Systems Technology?What Are The Drone Anti-jamming Systems Technology?
What Are The Drone Anti-jamming Systems Technology?
 
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...
 
Boost PC performance: How more available memory can improve productivity
Boost PC performance: How more available memory can improve productivityBoost PC performance: How more available memory can improve productivity
Boost PC performance: How more available memory can improve productivity
 
Histor y of HAM Radio presentation slide
Histor y of HAM Radio presentation slideHistor y of HAM Radio presentation slide
Histor y of HAM Radio presentation slide
 
Strategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff
Strategize a Smooth Tenant-to-tenant Migration and Copilot TakeoffStrategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff
Strategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff
 
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
 

Physical-Penetration-Presentation-Tina-Ellis.pptx

  • 1. Physical Penetration Testing A Pen-Tester’s Toolkit ‣ Tina Ellis ‣ March 9th, 2022
  • 2. What is Physical Penetration Testing? Physical penetration testing is used to identify weaknesses in physical security systems that attackers could exploit to gain access to the facilities. Physical penetration testers (pentesters) are hired by organizations to test standing security policies for the purpose of exposing unknown vulnerabilities. 90% of network security is removed once a threat actor has physical access - Wil Allsopp, Unauthorized Access: Physical Penetration Testing For IT Security Teams Photo Courtesy of DarknetDiaries.com
  • 3. Five Phases of Physical Penetration Testing Reconnaissance OSINT Intelligence Gathering: ‣ Social Media ‣ Public Records ‣ Attack Surface Data Communicate with Client Scanning and Probing Travel to Location Identify Potential Targets Physical Observations Create Exploitation Plan Acquire Resources Communicate with Client Exploitation Social Engineering Bypass Physical Barriers Bypass Doors Communicate with Client Post-Exploitation Identify Ways to Steal Information: Gain Access to Sensitive Areas Network Jacks in Public Areas Dumpster Diving Communicate with Client Reporting Intelligence Gathered Remediation Suggestions: Training Opportunities Camera Blind Spots Door/Gate Improvements Alarm Evaluations
  • 4. An Attacker Mindset Pentesters know precisely how criminals might gain access to both computer systems and buildings and employ a variety of tools and methods to gain access to a facility. - RedTeamSecure.com Photo Courtesy of DarknetDiaries.com
  • 5. OSINT CATEGORY APPLICATION INTELLIGENCE TOOL Social Media Intelligence [SOCMINT] Digital Network Intelligence [DNINT] Vehicle and Transportation Intelligence [VATINT] Mapping and Geo-Spatial Intelligence [GEOINT] Hunting ground for company and employee information. Identify technologies used and vulnerabilities that can be exploited. Track down company vehicle information. Vehicles can be acquired to blend in. Identify possible attack vectors (access points). ‣ Uniforms & Badges ‣ Name & Photo Identification ‣ Coffee & Lunch Hangouts ‣ Network and Systems ‣ Language & Technologies ‣ Possible Attack Vectors ‣ Host, DNS, & Mail Server Info ‣ IoT Device and Open Ports ‣ Public AWS or Azure Buckets ‣ Area Public Wi-Fi AP’s ‣ Vendor Vulnerabilities ‣ Vehicle Recognition ‣ VIN Identification ‣ License Plate Lookup ‣ Internet Infrastructure ‣ Satellite Images ‣ Drone Images ‣ Street View Images ‣ Historical Facility Images ‣ CCTV Live Video Feeds Google, OpenPayrolls, GoFindWho, OnePlus OSINT Toolkit, SkyLens, Social- Search, Melissa Lookups, Company & Employee Social Media Pages, and Job Postings Open Directories CSE, WhoisFreaks, CentralOps, ZoomEye, IntoDNS, Wappalyzer, HackerTarget, Pulsedive, WiGLE, WiFi Map, Shodan, Zoom Eye, Natlas, Public Buckets, CVE Details CarNetAI, VehicleHistory, FaxVIN GoogleMaps, Soar Earth, Wayback World Imagery, GeoHack Tools, FreeMapTools, HawkEye360, Satelite.pro, Infrapedia Map, TravelWithDrone, CCTV Reconnaissance Phase Pentesters use a variety of Open-Source Intelligence (OSINT) tools to gather information about their target. *These are just examples of the OSINT tools available. Actual tools vary.
  • 6. Scanning and Probing Phase Pentesters travel to the location and begin formalizing the exploitation plan. Physical observations are conducted in person. Night reconnaissance might include locating camera location by using night-vision goggles to see the infrared light emitted by night surveillance cameras. Door, Gate, and Lock Brand information is gathered. SOC location is identified, and any interesting info noted. Resources are acquired: Pentesters scan and clone badges, put together disguises, rent vehicles, and put together their toolkit. Exploitation plan is created: After all the intelligence is gathered an exploitation plan is created and shared with the client. A “get-out-of-jail-free” card is acquired that proves their identity if they get caught Pentesters communicate heavily with the parties. They also notify local authorities of their plan, so that they are not caught off guard. These steps are an important part of maintaining the safety of all parties involved. Photo Courtesy of DarknetDiaries.com
  • 7. Exploitation Phase This is the phase where pentesters deploy their physical penetration testing plan. To implement this plan, pentesters use a variety of tools and methods, some technical and some not. Social engineering is one non-technical approach that pentesters may employ to circumvent security controls. Pentesters may use impersonation, disguises, badges, and a sense of urgency to blend in or gain access to sensitive systems and information. Physical access may also be obtained by observing the physical layout of the premises and identifying weak areas of security that do not require any special tools. Unlocked doors and unmonitored entryways provide an opportunity for access. Bypassing security controls may also be an option by employing bypass tools such as plug spinners, hinge pin tools, door and gate tools, generic keys, and SEARAT tools. Photo Courtesy of DarknetDiaries.com
  • 8. The Physical Penetration Tools Long range RFID readers and a Proxmark III for cloning cards Disguises: Safety vests, uniforms, company cars, hard hats, lanyards Multimeter, for equipment testing and failure issues. Camera, flashlight, GoPro, Binoculars Ladders of various heights LANstar, LAN Cables, Small Wireless Router, for Network System Access Raspberry Pi’s – Plug into Network Connection for Network Access Shortwave radios for communication
  • 9. The Physical Penetration Tools Borescope to see under doors or around corners Night Vision Goggles: See at night and locate night vision cameras Fence keys: Linear & Door King have generic keys available on Amazon Wool blanket to protect your body from barbed-wire fences Door Tools: Double Door Tools, Under the Door Tools, Shove-It Tool, Lockpicks Plug Spinner: Prevents pins from reengaging after lockpick, and re-locks Hinge Pin Tool: Spring-loaded tool used to pop hinges off doors SEARAT: all-in-one entry tool includes key blade, Window-Breaker, Gas Shut-off
  • 10. Post-Exploitation Phase During the Post-Exploitation phase, the pentesters identify the opportunities where information could be stolen. They do not actually steal anything but take pictures or leave evidence (like a business card), to prove that they could have stolen information. ‣ Gain Access to Sensitive Areas ‣ Network Jacks in Public Areas ‣ Dumpster Diving Photo Courtesy of DarknetDiaries.com
  • 11. Reporting Phase After the exploitation plan has been executed, pentesters compile their findings and create a report. The report includes any intelligence that was gathered during the reconnaissance and probing phases; a list of detailed steps and methods that were taken during the exploitation phase, as well as remediation suggestions that will improve an organization's overall security program. Physical pentesters “undertake wildly ambitious and incredibly complex activities intended to reveal opportunities for a potential real-life showdown between good and evil - a heavily defended company against a would-be attacker" - RedTeamSecure.com
  • 12. References Darknet Diaries. (2021, June 22). Retrieved from https://darknetdiaries.com/ Deane, A. J., & Kraus, A. (2021). The official (ISC)2 CCSP Cbk Reference. Sybex. Halton, W., & Weaver, B. (2017). Penetration Testing: A Survival Guide. Packt Publishing. Mike Sheward. (2020). Security Operations in Practice. BCS, The Chartered Institute for IT. Rhysider, J. (Host). (2021, June 22). Jon and Brian's Big Adventure [Audio podcast]. Retrieved from https://darknetdiaries.com/transcript/95/ RedTeam Security, R. (n.d.). Physical penetration testing services: RedTeam Security. RedTeam Security - 5200 Willson Rd. Suite 150, Edina, MN 55424. Retrieved March 4, 2022, from https://www.redteamsecure.com/penetration- testing/physical-penetration-testing Sillanpää, M., & Hautamäki, J. (2020, July). Social Engineering Intrusion: A Case Study. In Proceedings of the 11th International Conference on Advances in Information Technology (pp. 1-5). Young, J. A. (2020). The Development of a Red Teaming Service-Learning Course. Journal of Information Systems Education, 31(3), 157–178. Photo Courtesy of DarknetDiaries.com