Ethical Hacking

Learn to find vulnerabilities before the bad guys do! Gain real world hands on hacking experience in our state of the art hacking lab. Course designed and taught by expert instructors with years of penetration testing experience. 12 student maximum in every class. Certification attempt included in every package.
Computer Forensics Training at InfoSec Institute

Gain the in-demand skills of a certified computer examiner, learn to recover trace data left behind by fraud, theft, and cybercrime perpetrators. Discover the source of computer crime and abuse at your organization so that it never happens again. All of our class sizes are guaranteed to be 12 students or less to facilitate one-on-one interaction with one of our expert instructors.




Network Security Pen-Test
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

Re: pentest physical security

from [JJacoby] Network Security [Permanent Link]
Subject: Re: pentest physical security
Date: Thu, 24 Aug 2006 08:38:43 -0400 

My experience has been that there are two groups that have nearly unfettered
and unescorted access to all spaces: private security guards, and the
cleaning crew.  Both are poorly paid and on the bottom of the social scale,
so employees don't want to be seen having any contact with them.  Duplicate
their appearance and you will be shunned.

Try to observe the cleaning crew's appearance, doors used, etc.  Cleaning
crews leave doors open / unlocked / propped all the time.  They work after
hours, so there are few (if any) employees around to watch you shove laptops
into your trash bin.

Stonewall


-----Original Message-----
From: Cedric Blancher [mailto:blancher@cartel-securite.fr]
Sent: Tuesday, August 15, 2006 10:28 AM
To: scott
Cc: pen-test@securityfocus.com
Subject: Re: pentest physical security

Le lundi 31 juillet 2006 à 00:49 -0400, scott a écrit :

Okay,I've been contacted about pentesting physical security system for 
a  medium size company that is integrating IT & physical 
security,ie;cameras,id gates,etc.
I'm not exactly sure where to start,other than the 
obvious;passwords,permissions,etc.


Maybe some clue here:

http://recon.cx/en/f/sconheady-social-engineering-for-pen-testers.pdf


--
http://sid.rstack.org/
PGP KeyID: 157E98EE FingerPrint: FA62226DA9E72FA8AECAA240008B480E157E98EE

Hi! I'm your friendly neighbourhood signature virus.
Copy me to your signature file and help me spread!


------------------------------------------------------------------------
This List Sponsored by: Cenzic

Need to secure your web apps?
Cenzic Hailstorm finds vulnerabilities fast.
Click the link to buy it, try it or download Hailstorm for FREE.
http://www.cenzic.com/products_services/download_hailstorm.php
------------------------------------------------------------------------



------------------------------------------------------------------------
This List Sponsored by: Cenzic

Need to secure your web apps?
Cenzic Hailstorm finds vulnerabilities fast.
Click the link to buy it, try it or download Hailstorm for FREE.
http://www.cenzic.com/products_services/download_hailstorm.php
------------------------------------------------------------------------
[More messages with this same subject...]




<Prev in Thread] Current Thread [Next in Thread>
Previous by Date:  RE: Penetration Testing - Human Factor, Isaac Van Name
Next by Date:  Pen-testing/auditing MS Exchange Servers., Serge Vondandamo
Previous by Thread:  RE: pentest physical security, Upadhyaya, Vijay
Next by Thread:  Re: pentest physical security, intel96
Indexes:  [Date] [Thread] [Top] [All Lists]