Three ways to hack an ATM

Please note: This is a mirrored post from a blog I wrote for one of my employers. The goal is to avoid the content being lost, since corporate websites are restructured and changed frequently.

Keyboard attacks, disk attacks and network attacks

Hacking ATMs, also known as Jackpotting, is an activity that speaks to our imagination, conjuring up visions of ATMs that spit out money into the street for everyone to pick up. The three attacks that we describe in this article are the result and recurring theme of numerous assessments that we have performed over the years for many of our customers. These are the (digital) attacks that we believe matter most and that require a serious look from anyone protecting an ATM.

Please note that hacking ATMs is illegal. Fox-IT’s security experts have performed these attacks with the permission of the ATMs’ owners.


Writing a zero findings pentest report

Recently I came across a tweet by @CristiVlad25 asking what you should write in a pentest report when there are no findings. I did a quick quote tweet with the first thoughts that came to mind:

That got me thinking: why not write a bit more about this situation? There are multiple resources on writing pentest reports that all highlight different aspects of the general structure and approach of a pentest report, so I won’t get into that; you can find multiple references, including sample reports, at the end of this blog post.

Instead I want to only focus on the situation that you have 0, zero, nothing, nil findings. What do you do then?


Introduction to physical penetration tests

Depending on your personality, the concept of being legally allowed to break into places has a kind of mythical ring to it. You’ve seen it happen in movies and series like James Bond, Mission Impossible, Leverage and a dozen others, and you might have wondered: is that how it really happens in real life? On some level you already know that the movie depictions are not that close to reality. Why? Mostly due to all those other stories of regular burglary where the break-in is much less sophisticated, yet very effective.

In this blog post I’m going to try and give an overview of physical penetration tests and how to start doing them from my own perspective (European context, we have to worry less about guns). In addition I will focus on the type of tests where a target asks you to ‘casually’ break in and gain access to a room, plant a device or steal some specific information. ‘Casually’, what does that even mean? In my experience it means that you get one or two days for your preparations and one day to execute the attack. Doesn’t seem like a lot, but you’d be surprised how many targets can be breached with minimal preparations, some courage and the fact that you aren’t really going to jail when caught ;)

I’m also no expert on this subject, so feel free to leave corrections as well as additional tips, tricks and personal experiences in the comments. Lastly, not all physical penetration tests will be the ideal ‘take 4 weeks to do your thing’ type of job. So I consider it good practice to also be able to perform these types of smaller jobs where thinking on your feet is almost mandatory, not to mention fun if you like to practice your improvisation skills.

Before I forget, this information is mostly for your general run-of-the-mill big corporation with standard security, where the target is just interested in an attacker that doesn’t invest a lot of time in the attack. Don’t attempt to access high-security facilities with minimal preparation. Even though it might succeed, you will most likely get stranded at the first door or person that you attempt to bypass.


Portable (secure) (pen)test virtual lab

I’ve always wanted some kind of online ‘memo-to-self’ to stop forgetting how to set things up, so I’ve decided to create a category for it. These posts will contain rambling, snippets and links on how to do stuff. They are mostly intended for my own use, so they won’t contain extensive instructions on every configuration detail.

I’ve always wanted a virtual lab which is easy to bring along and somewhat secure. Just to be clear, here are some definitions of the words portable & secure as I see them:

  • Portable
    • easy to transfer
    • minimum amount of files
  • Secure
    • easy to encrypt
    • easy to delete
    • network segmentation
    • central firewall

Secure is a relative term, since it all depends on how much you harden the setup. To achieve the above-mentioned points I’ve chosen to use VMware Workstation and VMware ESXi as the virtualization software. If you ever decide to spend money on software, VMware Workstation surely deserves it!

Since this post is partially a little idea on creating a portable lab and partially a reminder for myself, I’ll take a shortcut in explaining how to set it up. As you all know, the internet is full of really nice guides on how to set stuff up, so why duplicate?
