Discover Top Posts Tagged with #physical pentesting

You know its a good day when you start scoping out marks (I have never pickpocketed in my life) and small security flaws that you can abuse(still never stolen anything)

#crime #no officer this is not a confession #this cannot be used in court as evidence against me #jk #physical pentesting #security #pickpocketing

I absolutely think there should be a pentesting liscense, like you’re not hired for anything you can just break in anywhere. except you cannot break into residential property or take/steal/destroy/vandalize anything. And if you are caught breaking one of those rules then you’re more heavily charged.

#physical pentesting #breaking and entering but legal now #new law time

As a locksportist I absolutely despise the fact that fallout pretty much started the idea of using both a bobby pin and screwdriver at the same time as tension wrenches and the lock will magically open. Like HOW is rotating the bobby pin manipulating the pins. Also that they don’t use the wavy side as a rake, maybe a knife bypass with the flat side, but other than that it wouldn’t work at all. I would rather have an under the door tool to get into buildings, or a drilling minigame.

#locksport #physical pentesting #security #fallout #hollywood incaccuracies #gaming fail #gaming

Week 5 - Doors

Computer and information security entails more than what you can accomplish software-side, more than what you can even accomplish with your computer hardware. In a world where corporate espionage is a fairly prevalent practice and information leaks are everywhere, you also need to put a little bit of thought into your physical security schema.

Are your doors as secure as you think they are? Ask yourself this. Is there any sort of a gap on the sides or bottom of your door? Does your ‘secure’ door have weatherproofing? Was your door installed without security pins, or with pins exposed on the ‘secured’ side of your door? Do you use an infrared monitor to open the unsecured side of your door in the case of egress? Do you use a door plate to prevent people from ‘carding’ your door open? If you answered yes to any of these questions, you may want to see the talk linked below. It’s a little unconventional, but it bears some good points along the lines of protecting your computers by protecting the physical building it’s stored in; when a determined attacker manages to physically compromise a facility, there’s a strong potential for data theft, data loss, systems sabotage, and acts of espionage, and the attacker’s toolset doesn’t even necessitate more than a few miscellaneous, easily-obtainable hand tools and a confident personal air. With proper care and preparation, it’s easy enough to harden a facility against most easily-exploitable physical entry vectors, but it takes a certain level of unorthodox thinking or scholarly research to actually identify the vulnerabilities in the first place - who would think of opening a locked push-bar or push-paddle door by bending a wire and slipping it through the weatherproofing to pull on the door? And who would think that the fix was so simple as deadbolting the door when the building has zero occupancy (e.g. at night, depending on the facility)? Furthermore, for warding against a similar attack vector, there exists the under-door gapless configuration; they’re slightly more expensive to install than a standard door, but in context they’re only truly important on an external access layer; perhaps not the outward-facing public doors, but perhaps with all doors one layer deeper, providing a significant degree of security against under-door attacks on those, and by extension all doorways within the perimeter formed by that layer of doors.

I recommend seeing the full talk, The Search for the Perfect Door, at Shakacon. The YouTube link is provided below.

https://www.youtube.com/watch?v=4YYvBLAF4T8

#ICS382 #computer security #door #pentesting #physical pentesting