Posts Tagged ‘pentest’

Depending on your personality the concept of being legally allowed to break into places has a kind of mythical ring to it. You’ve seen it happen in movies and series like James Bond, Mission Impossible, Leverage and a dozen others and you might have wondered is that how it really happens in real life? On some level you already know that the movie depictions are not that close to reality. Why? Mostly due to all those other stories of regular burglary where the break-in is much less sophisticated, yet very effective.

In this blog post I’m going to try and give an overview of physical penetration tests and how to start doing them from my own perspective (European context, we have to worry less about guns). In addition I will focus on the type of tests where a target asks you to ‘casually’ break in and gain access to a room, plant a device or steal some specific information. ‘Casually’, what does that even mean? In my experience it means that you get one or two days for your preparations and one day to execute the attack. Doesn’t seem like a lot, but you’d be surprised how many targets can be breached with minimal preparations, some courage and the fact that you aren’t really going to jail when caught ;)

I’m also no expert on this subject, so feel free to leave corrections as well as additional tips, tricks and personal experiences in the comments. Lastly, not all physical penetration tests will be the ideal take 4 weeks to do your thing type of job. So I consider it good practice to also be able to perform these type of smaller jobs where thinking on your feet is almost mandatory, not to mention fun if you like to practice your improvisation skills.

Before I forget, this information is mostly for your general running off the mill big corporation with standard security and where the target is just interested in an attacker that doesn’t invest a lot of time in the attack. Don’t attempt to access high security facilities with minimal preparation. Even though it might succeed, you will most likely strand at the first door or person that you attempt to bypass.

(more…)

I’ve always wanted like online ‘memo-to-self’ stuff to stop forgetting how to set things up, so I’ve decided to create a category for it. These posts will contain rambling, snippets and links on how to do stuff. Mostly intended for my own use so they won’t contain extensive instructions on every configuration detail.

I’ve always wanted a virtual lab which is easy to bring along and somewhat secure. Just to be clear here are some definitions of the words portable & secure as I see them:

  • Portable
    • easy to transfer
    • minimum amount of files
  • Secure
    • easy to encrypt
    • easy to delete
    • network segmentation
    • central firewall

Secure is a relative term, since it all depends on how much you harden the setup. To achieve the above mentioned points I’ve chosen to use vmware workstation and vmware esxi as the virtualization software. If you ever decide to spend money on software, vmware workstation surely deserves it!

Since this post is partially a little idea on creating a portable lab and partially a reminder for myself, I’ll take a shortcut in explaining how to set it up. Like you all know the internet is full of really nice guides on how to set stuff up, so why duplicate?

(more…)