SlideShare a Scribd company logo

Physical Penetration Testing Toolkit Guide

D
data68

A presentation on Physical Penetration Testing, I completed for a college course.

Technology
1 of 12
Physical Penetration Testing A Pen-Tester’s Toolkit ‣ Tina Ellis ‣ March 9th, 2022
What is Physical Penetration Testing? Physical penetration testing is used to identify weaknesses in physical security systems that attackers could exploit to gain access to the facilities. Physical penetration testers (pentesters) are hired by organizations to test standing security policies for the purpose of exposing unknown vulnerabilities. 90% of network security is removed once a threat actor has physical access - Wil Allsopp, Unauthorized Access: Physical Penetration Testing For IT Security Teams Photo Courtesy of DarknetDiaries.com
Five Phases of Physical Penetration Testing Reconnaissance OSINT Intelligence Gathering: ‣ Social Media ‣ Public Records ‣ Attack Surface Data Communicate with Client Scanning and Probing Travel to Location Identify Potential Targets Physical Observations Create Exploitation Plan Acquire Resources Communicate with Client Exploitation Social Engineering Bypass Physical Barriers Bypass Doors Communicate with Client Post-Exploitation Identify Ways to Steal Information: Gain Access to Sensitive Areas Network Jacks in Public Areas Dumpster Diving Communicate with Client Reporting Intelligence Gathered Remediation Suggestions: Training Opportunities Camera Blind Spots Door/Gate Improvements Alarm Evaluations
An Attacker Mindset Pentesters know precisely how criminals might gain access to both computer systems and buildings and employ a variety of tools and methods to gain access to a facility. - RedTeamSecure.com Photo Courtesy of DarknetDiaries.com
OSINT CATEGORY APPLICATION INTELLIGENCE TOOL Social Media Intelligence [SOCMINT] Digital Network Intelligence [DNINT] Vehicle and Transportation Intelligence [VATINT] Mapping and Geo-Spatial Intelligence [GEOINT] Hunting ground for company and employee information. Identify technologies used and vulnerabilities that can be exploited. Track down company vehicle information. Vehicles can be acquired to blend in. Identify possible attack vectors (access points). ‣ Uniforms & Badges ‣ Name & Photo Identification ‣ Coffee & Lunch Hangouts ‣ Network and Systems ‣ Language & Technologies ‣ Possible Attack Vectors ‣ Host, DNS, & Mail Server Info ‣ IoT Device and Open Ports ‣ Public AWS or Azure Buckets ‣ Area Public Wi-Fi AP’s ‣ Vendor Vulnerabilities ‣ Vehicle Recognition ‣ VIN Identification ‣ License Plate Lookup ‣ Internet Infrastructure ‣ Satellite Images ‣ Drone Images ‣ Street View Images ‣ Historical Facility Images ‣ CCTV Live Video Feeds Google, OpenPayrolls, GoFindWho, OnePlus OSINT Toolkit, SkyLens, Social- Search, Melissa Lookups, Company & Employee Social Media Pages, and Job Postings Open Directories CSE, WhoisFreaks, CentralOps, ZoomEye, IntoDNS, Wappalyzer, HackerTarget, Pulsedive, WiGLE, WiFi Map, Shodan, Zoom Eye, Natlas, Public Buckets, CVE Details CarNetAI, VehicleHistory, FaxVIN GoogleMaps, Soar Earth, Wayback World Imagery, GeoHack Tools, FreeMapTools, HawkEye360, Satelite.pro, Infrapedia Map, TravelWithDrone, CCTV Reconnaissance Phase Pentesters use a variety of Open-Source Intelligence (OSINT) tools to gather information about their target. *These are just examples of the OSINT tools available. Actual tools vary.
Scanning and Probing Phase Pentesters travel to the location and begin formalizing the exploitation plan. Physical observations are conducted in person. Night reconnaissance might include locating camera location by using night-vision goggles to see the infrared light emitted by night surveillance cameras. Door, Gate, and Lock Brand information is gathered. SOC location is identified, and any interesting info noted. Resources are acquired: Pentesters scan and clone badges, put together disguises, rent vehicles, and put together their toolkit. Exploitation plan is created: After all the intelligence is gathered an exploitation plan is created and shared with the client. A “get-out-of-jail-free” card is acquired that proves their identity if they get caught Pentesters communicate heavily with the parties. They also notify local authorities of their plan, so that they are not caught off guard. These steps are an important part of maintaining the safety of all parties involved. Photo Courtesy of DarknetDiaries.com
Exploitation Phase This is the phase where pentesters deploy their physical penetration testing plan. To implement this plan, pentesters use a variety of tools and methods, some technical and some not. Social engineering is one non-technical approach that pentesters may employ to circumvent security controls. Pentesters may use impersonation, disguises, badges, and a sense of urgency to blend in or gain access to sensitive systems and information. Physical access may also be obtained by observing the physical layout of the premises and identifying weak areas of security that do not require any special tools. Unlocked doors and unmonitored entryways provide an opportunity for access. Bypassing security controls may also be an option by employing bypass tools such as plug spinners, hinge pin tools, door and gate tools, generic keys, and SEARAT tools. Photo Courtesy of DarknetDiaries.com
The Physical Penetration Tools Long range RFID readers and a Proxmark III for cloning cards Disguises: Safety vests, uniforms, company cars, hard hats, lanyards Multimeter, for equipment testing and failure issues. Camera, flashlight, GoPro, Binoculars Ladders of various heights LANstar, LAN Cables, Small Wireless Router, for Network System Access Raspberry Pi’s – Plug into Network Connection for Network Access Shortwave radios for communication
The Physical Penetration Tools Borescope to see under doors or around corners Night Vision Goggles: See at night and locate night vision cameras Fence keys: Linear & Door King have generic keys available on Amazon Wool blanket to protect your body from barbed-wire fences Door Tools: Double Door Tools, Under the Door Tools, Shove-It Tool, Lockpicks Plug Spinner: Prevents pins from reengaging after lockpick, and re-locks Hinge Pin Tool: Spring-loaded tool used to pop hinges off doors SEARAT: all-in-one entry tool includes key blade, Window-Breaker, Gas Shut-off
Post-Exploitation Phase During the Post-Exploitation phase, the pentesters identify the opportunities where information could be stolen. They do not actually steal anything but take pictures or leave evidence (like a business card), to prove that they could have stolen information. ‣ Gain Access to Sensitive Areas ‣ Network Jacks in Public Areas ‣ Dumpster Diving Photo Courtesy of DarknetDiaries.com
Reporting Phase After the exploitation plan has been executed, pentesters compile their findings and create a report. The report includes any intelligence that was gathered during the reconnaissance and probing phases; a list of detailed steps and methods that were taken during the exploitation phase, as well as remediation suggestions that will improve an organization's overall security program. Physical pentesters “undertake wildly ambitious and incredibly complex activities intended to reveal opportunities for a potential real-life showdown between good and evil - a heavily defended company against a would-be attacker" - RedTeamSecure.com
References Darknet Diaries. (2021, June 22). Retrieved from https://darknetdiaries.com/ Deane, A. J., & Kraus, A. (2021). The official (ISC)2 CCSP Cbk Reference. Sybex. Halton, W., & Weaver, B. (2017). Penetration Testing: A Survival Guide. Packt Publishing. Mike Sheward. (2020). Security Operations in Practice. BCS, The Chartered Institute for IT. Rhysider, J. (Host). (2021, June 22). Jon and Brian's Big Adventure [Audio podcast]. Retrieved from https://darknetdiaries.com/transcript/95/ RedTeam Security, R. (n.d.). Physical penetration testing services: RedTeam Security. RedTeam Security - 5200 Willson Rd. Suite 150, Edina, MN 55424. Retrieved March 4, 2022, from https://www.redteamsecure.com/penetration- testing/physical-penetration-testing Sillanpää, M., & Hautamäki, J. (2020, July). Social Engineering Intrusion: A Case Study. In Proceedings of the 11th International Conference on Advances in Information Technology (pp. 1-5). Young, J. A. (2020). The Development of a Red Teaming Service-Learning Course. Journal of Information Systems Education, 31(3), 157–178. Photo Courtesy of DarknetDiaries.com

Recommended

Physical Penetration Testing (RootedCON 2015)
Physical Penetration Testing (RootedCON 2015)Physical Penetration Testing (RootedCON 2015)
Physical Penetration Testing (RootedCON 2015)Eduardo Arriols Nuñez
 
Maturity Model of Security Disciplines
Maturity Model of Security Disciplines Maturity Model of Security Disciplines
Maturity Model of Security Disciplines Florian Roth
 
Vulnerability and Assessment Penetration Testing
Vulnerability and Assessment Penetration TestingVulnerability and Assessment Penetration Testing
Vulnerability and Assessment Penetration TestingYvonne Marambanyika
 
The Zero Trust Model of Information Security
The Zero Trust Model of Information Security The Zero Trust Model of Information Security
The Zero Trust Model of Information Security Tripwire
 
5 Steps to a Zero Trust Network - From Theory to Practice
5 Steps to a Zero Trust Network - From Theory to Practice5 Steps to a Zero Trust Network - From Theory to Practice
5 Steps to a Zero Trust Network - From Theory to PracticeAlgoSec
 
NETWORK PENETRATION TESTING
NETWORK PENETRATION TESTINGNETWORK PENETRATION TESTING
NETWORK PENETRATION TESTINGEr Vivek Rana
 
IBM Qradar & resilient
IBM Qradar & resilientIBM Qradar & resilient
IBM Qradar & resilientPrime Infoserv
 
osint - open source Intelligence
osint - open source Intelligenceosint - open source Intelligence
osint - open source IntelligenceOsama Ellahi
 

Recommended

Physical Penetration Testing (RootedCON 2015)
Physical Penetration Testing (RootedCON 2015)Physical Penetration Testing (RootedCON 2015)
Physical Penetration Testing (RootedCON 2015)Eduardo Arriols Nuñez
 
Maturity Model of Security Disciplines
Maturity Model of Security Disciplines Maturity Model of Security Disciplines
Maturity Model of Security Disciplines Florian Roth
 
Vulnerability and Assessment Penetration Testing
Vulnerability and Assessment Penetration TestingVulnerability and Assessment Penetration Testing
Vulnerability and Assessment Penetration TestingYvonne Marambanyika
 
The Zero Trust Model of Information Security
The Zero Trust Model of Information Security The Zero Trust Model of Information Security
The Zero Trust Model of Information Security Tripwire
 
5 Steps to a Zero Trust Network - From Theory to Practice
5 Steps to a Zero Trust Network - From Theory to Practice5 Steps to a Zero Trust Network - From Theory to Practice
5 Steps to a Zero Trust Network - From Theory to PracticeAlgoSec
 
NETWORK PENETRATION TESTING
NETWORK PENETRATION TESTINGNETWORK PENETRATION TESTING
NETWORK PENETRATION TESTINGEr Vivek Rana
 
IBM Qradar & resilient
IBM Qradar & resilientIBM Qradar & resilient
IBM Qradar & resilientPrime Infoserv
 
osint - open source Intelligence
osint - open source Intelligenceosint - open source Intelligence
osint - open source IntelligenceOsama Ellahi
 
Snort IDS/IPS Basics
Snort IDS/IPS BasicsSnort IDS/IPS Basics
Snort IDS/IPS BasicsMahendra Pratap Singh
 
Understanding Penetration Testing & its Benefits for Organization
Understanding Penetration Testing & its Benefits for OrganizationUnderstanding Penetration Testing & its Benefits for Organization
Understanding Penetration Testing & its Benefits for OrganizationPECB
 
Cybersecurity Awareness E-Book - WeSecureApp
Cybersecurity Awareness E-Book - WeSecureAppCybersecurity Awareness E-Book - WeSecureApp
Cybersecurity Awareness E-Book - WeSecureAppWeSecureApp
 
Detection and Response Roles
Detection and Response RolesDetection and Response Roles
Detection and Response RolesFlorian Roth
 
Network Penetration Testing
Network Penetration TestingNetwork Penetration Testing
Network Penetration TestingMohammed Adam
 
Network Forensics: Packet Analysis Using Wireshark
Network Forensics: Packet Analysis Using WiresharkNetwork Forensics: Packet Analysis Using Wireshark
Network Forensics: Packet Analysis Using Wiresharkn|u - The Open Security Community
 
ISACA Belgium CERT view 2011
ISACA Belgium CERT view 2011ISACA Belgium CERT view 2011
ISACA Belgium CERT view 2011Marc Vael
 
Security Analyst Workshop - 20200212
Security Analyst Workshop - 20200212Security Analyst Workshop - 20200212
Security Analyst Workshop - 20200212Florian Roth
 
Making security champions in organization
Making security champions in organizationMaking security champions in organization
Making security champions in organizationkunwaratul hax0r
 
Penetration Testing SAP Systems
Penetration Testing SAP SystemsPenetration Testing SAP Systems
Penetration Testing SAP SystemsOnapsis Inc.
 
Secure Code Review 101
Secure Code Review 101Secure Code Review 101
Secure Code Review 101Narudom Roongsiriwong, CISSP
 
ICS security
ICS securityICS security
ICS securityAhmed Shitta
 
Intrusion Detection System using Snort
Intrusion Detection System using Snort Intrusion Detection System using Snort
Intrusion Detection System using Snort webhostingguy
 
HealthCare Compliance - HIPAA and HITRUST
HealthCare Compliance - HIPAA and HITRUSTHealthCare Compliance - HIPAA and HITRUST
HealthCare Compliance - HIPAA and HITRUSTKimberly Simon MBA
 
Hacker Halted 2016 - How to get into ICS security
Hacker Halted 2016 - How to get into ICS securityHacker Halted 2016 - How to get into ICS security
Hacker Halted 2016 - How to get into ICS securityChris Sistrunk
 
Implementing Vulnerability Management
Implementing Vulnerability Management Implementing Vulnerability Management
Implementing Vulnerability Management Argyle Executive Forum
 
Domain 2 - Asset Security
Domain 2 - Asset SecurityDomain 2 - Asset Security
Domain 2 - Asset SecurityMaganathin Veeraragaloo
 
What is zero trust model of information security?
What is zero trust model of information security?What is zero trust model of information security?
What is zero trust model of information security?Ahmed Banafa
 
Building A Security Operations Center
Building A Security Operations CenterBuilding A Security Operations Center
Building A Security Operations CenterSiemplify
 
Malware analysis
Malware analysisMalware analysis
Malware analysisPrakashchand Suthar
 
IRJET- A Survey on Object Detection using Deep Learning Techniques
IRJET- A Survey on Object Detection using Deep Learning TechniquesIRJET- A Survey on Object Detection using Deep Learning Techniques
IRJET- A Survey on Object Detection using Deep Learning TechniquesIRJET Journal
 
Physical Penetration Testing - RootedCON 2015
Physical Penetration Testing - RootedCON 2015Physical Penetration Testing - RootedCON 2015
Physical Penetration Testing - RootedCON 2015Hykeos
 

More Related Content

What's hot

Understanding Penetration Testing & its Benefits for Organization
Understanding Penetration Testing & its Benefits for OrganizationUnderstanding Penetration Testing & its Benefits for Organization
Understanding Penetration Testing & its Benefits for OrganizationPECB
 
Cybersecurity Awareness E-Book - WeSecureApp
Cybersecurity Awareness E-Book - WeSecureAppCybersecurity Awareness E-Book - WeSecureApp
Cybersecurity Awareness E-Book - WeSecureAppWeSecureApp
 
Detection and Response Roles
Detection and Response RolesDetection and Response Roles
Detection and Response RolesFlorian Roth
 
Network Penetration Testing
Network Penetration TestingNetwork Penetration Testing
Network Penetration TestingMohammed Adam
 
ISACA Belgium CERT view 2011
ISACA Belgium CERT view 2011ISACA Belgium CERT view 2011
ISACA Belgium CERT view 2011Marc Vael
 
Security Analyst Workshop - 20200212
Security Analyst Workshop - 20200212Security Analyst Workshop - 20200212
Security Analyst Workshop - 20200212Florian Roth
 
Making security champions in organization
Making security champions in organizationMaking security champions in organization
Making security champions in organizationkunwaratul hax0r
 
Penetration Testing SAP Systems
Penetration Testing SAP SystemsPenetration Testing SAP Systems
Penetration Testing SAP SystemsOnapsis Inc.
 
Intrusion Detection System using Snort
Intrusion Detection System using Snort Intrusion Detection System using Snort
Intrusion Detection System using Snort webhostingguy
 
HealthCare Compliance - HIPAA and HITRUST
HealthCare Compliance - HIPAA and HITRUSTHealthCare Compliance - HIPAA and HITRUST
HealthCare Compliance - HIPAA and HITRUSTKimberly Simon MBA
 
Hacker Halted 2016 - How to get into ICS security
Hacker Halted 2016 - How to get into ICS securityHacker Halted 2016 - How to get into ICS security
Hacker Halted 2016 - How to get into ICS securityChris Sistrunk
 
Implementing Vulnerability Management
Implementing Vulnerability Management Implementing Vulnerability Management
Implementing Vulnerability Management Argyle Executive Forum
 
What is zero trust model of information security?
What is zero trust model of information security?What is zero trust model of information security?
What is zero trust model of information security?Ahmed Banafa
 
Building A Security Operations Center
Building A Security Operations CenterBuilding A Security Operations Center
Building A Security Operations CenterSiemplify
 

What's hot (20)

Snort IDS/IPS Basics
Snort IDS/IPS BasicsSnort IDS/IPS Basics
Snort IDS/IPS Basics
 
Understanding Penetration Testing & its Benefits for Organization
Understanding Penetration Testing & its Benefits for OrganizationUnderstanding Penetration Testing & its Benefits for Organization
Understanding Penetration Testing & its Benefits for Organization
 
Cybersecurity Awareness E-Book - WeSecureApp
Cybersecurity Awareness E-Book - WeSecureAppCybersecurity Awareness E-Book - WeSecureApp
Cybersecurity Awareness E-Book - WeSecureApp
 
Detection and Response Roles
Detection and Response RolesDetection and Response Roles
Detection and Response Roles
 
Network Penetration Testing
Network Penetration TestingNetwork Penetration Testing
Network Penetration Testing
 
Network Forensics: Packet Analysis Using Wireshark
Network Forensics: Packet Analysis Using WiresharkNetwork Forensics: Packet Analysis Using Wireshark
Network Forensics: Packet Analysis Using Wireshark
 
ISACA Belgium CERT view 2011
ISACA Belgium CERT view 2011ISACA Belgium CERT view 2011
ISACA Belgium CERT view 2011
 
Security Analyst Workshop - 20200212
Security Analyst Workshop - 20200212Security Analyst Workshop - 20200212
Security Analyst Workshop - 20200212
 
Making security champions in organization
Making security champions in organizationMaking security champions in organization
Making security champions in organization
 
Penetration Testing SAP Systems
Penetration Testing SAP SystemsPenetration Testing SAP Systems
Penetration Testing SAP Systems
 
Secure Code Review 101
Secure Code Review 101Secure Code Review 101
Secure Code Review 101
 
ICS security
ICS securityICS security
ICS security
 
Intrusion Detection System using Snort
Intrusion Detection System using Snort Intrusion Detection System using Snort
Intrusion Detection System using Snort
 
HealthCare Compliance - HIPAA and HITRUST
HealthCare Compliance - HIPAA and HITRUSTHealthCare Compliance - HIPAA and HITRUST
HealthCare Compliance - HIPAA and HITRUST
 
Hacker Halted 2016 - How to get into ICS security
Hacker Halted 2016 - How to get into ICS securityHacker Halted 2016 - How to get into ICS security
Hacker Halted 2016 - How to get into ICS security
 
Implementing Vulnerability Management
Implementing Vulnerability Management Implementing Vulnerability Management
Implementing Vulnerability Management
 
Domain 2 - Asset Security
Domain 2 - Asset SecurityDomain 2 - Asset Security
Domain 2 - Asset Security
 
What is zero trust model of information security?
What is zero trust model of information security?What is zero trust model of information security?
What is zero trust model of information security?
 
Building A Security Operations Center
Building A Security Operations CenterBuilding A Security Operations Center
Building A Security Operations Center
 
Malware analysis
Malware analysisMalware analysis
Malware analysis
 

Similar to Physical Penetration Testing Toolkit Guide

IRJET- A Survey on Object Detection using Deep Learning Techniques
IRJET- A Survey on Object Detection using Deep Learning TechniquesIRJET- A Survey on Object Detection using Deep Learning Techniques
IRJET- A Survey on Object Detection using Deep Learning TechniquesIRJET Journal
 
Physical Penetration Testing - RootedCON 2015
Physical Penetration Testing - RootedCON 2015Physical Penetration Testing - RootedCON 2015
Physical Penetration Testing - RootedCON 2015Hykeos
 
Corporate threat vector and landscape
Corporate threat vector and landscapeCorporate threat vector and landscape
Corporate threat vector and landscapeyohansurya2
 
pres_drone_forensics_program.pptx
pres_drone_forensics_program.pptxpres_drone_forensics_program.pptx
pres_drone_forensics_program.pptxVolgaTC
 
UMUC Monitoring, Auditing, Intrusion Detection, Intrusion Prev.docx
UMUC Monitoring, Auditing, Intrusion Detection, Intrusion Prev.docxUMUC Monitoring, Auditing, Intrusion Detection, Intrusion Prev.docx
UMUC Monitoring, Auditing, Intrusion Detection, Intrusion Prev.docxwillcoxjanay
 
The Need for Drone Forensic Investigation Standardisation (Evangelos Mantas) ...
The Need for Drone Forensic Investigation Standardisation (Evangelos Mantas) ...The Need for Drone Forensic Investigation Standardisation (Evangelos Mantas) ...
The Need for Drone Forensic Investigation Standardisation (Evangelos Mantas) ...DroneSec
 
Road map for actionable threat intelligence
Road map for actionable threat intelligenceRoad map for actionable threat intelligence
Road map for actionable threat intelligenceabhisheksinghcs
 
Securing Your Wearable Tech Brand
Securing Your Wearable Tech BrandSecuring Your Wearable Tech Brand
Securing Your Wearable Tech BrandSimon Loe
 
GDG Cloud Southlake #4 Biodun Awojobi and Wade Walters Security Programs and ...
GDG Cloud Southlake #4 Biodun Awojobi and Wade Walters Security Programs and ...GDG Cloud Southlake #4 Biodun Awojobi and Wade Walters Security Programs and ...
GDG Cloud Southlake #4 Biodun Awojobi and Wade Walters Security Programs and ...James Anderson
 
IRJET-Ethical Hacking
IRJET-Ethical HackingIRJET-Ethical Hacking
IRJET-Ethical HackingIRJET Journal
 
Operationalizing Security Intelligence
Operationalizing Security IntelligenceOperationalizing Security Intelligence
Operationalizing Security IntelligenceSplunk
 
Vulnerability Assessment and Penetration Testing using Webkill
Vulnerability Assessment and Penetration Testing using WebkillVulnerability Assessment and Penetration Testing using Webkill
Vulnerability Assessment and Penetration Testing using Webkillijtsrd
 
The Inmates Are Running the Asylum: Why Some Multi-Factor Authentication Tech...
The Inmates Are Running the Asylum: Why Some Multi-Factor Authentication Tech...The Inmates Are Running the Asylum: Why Some Multi-Factor Authentication Tech...
The Inmates Are Running the Asylum: Why Some Multi-Factor Authentication Tech...Clare Nelson, CISSP, CIPP-E
 
UMS Cybersecurity Awareness Seminar: Cybersecurity - Lessons learned from sec...
UMS Cybersecurity Awareness Seminar: Cybersecurity - Lessons learned from sec...UMS Cybersecurity Awareness Seminar: Cybersecurity - Lessons learned from sec...
UMS Cybersecurity Awareness Seminar: Cybersecurity - Lessons learned from sec...APNIC
 
Cyber Threat Hunting Workshop.pdf
Cyber Threat Hunting Workshop.pdfCyber Threat Hunting Workshop.pdf
Cyber Threat Hunting Workshop.pdfssuser4237d4
 
Cyber Threat Hunting Workshop.pdf
Cyber Threat Hunting Workshop.pdfCyber Threat Hunting Workshop.pdf
Cyber Threat Hunting Workshop.pdfssuser4237d4
 
Internet of Things: Government Keynote, Randy Garrett
Internet of Things: Government Keynote, Randy GarrettInternet of Things: Government Keynote, Randy Garrett
Internet of Things: Government Keynote, Randy GarrettGovLoop
 
Cyber Threat Hunting Workshop
Cyber Threat Hunting WorkshopCyber Threat Hunting Workshop
Cyber Threat Hunting WorkshopDigit Oktavianto
 

Similar to Physical Penetration Testing Toolkit Guide (20)

IRJET- A Survey on Object Detection using Deep Learning Techniques
IRJET- A Survey on Object Detection using Deep Learning TechniquesIRJET- A Survey on Object Detection using Deep Learning Techniques
IRJET- A Survey on Object Detection using Deep Learning Techniques
 
Physical Penetration Testing - RootedCON 2015
Physical Penetration Testing - RootedCON 2015Physical Penetration Testing - RootedCON 2015
Physical Penetration Testing - RootedCON 2015
 
Corporate threat vector and landscape
Corporate threat vector and landscapeCorporate threat vector and landscape
Corporate threat vector and landscape
 
pres_drone_forensics_program.pptx
pres_drone_forensics_program.pptxpres_drone_forensics_program.pptx
pres_drone_forensics_program.pptx
 
UMUC Monitoring, Auditing, Intrusion Detection, Intrusion Prev.docx
UMUC Monitoring, Auditing, Intrusion Detection, Intrusion Prev.docxUMUC Monitoring, Auditing, Intrusion Detection, Intrusion Prev.docx
UMUC Monitoring, Auditing, Intrusion Detection, Intrusion Prev.docx
 
The Need for Drone Forensic Investigation Standardisation (Evangelos Mantas) ...
The Need for Drone Forensic Investigation Standardisation (Evangelos Mantas) ...The Need for Drone Forensic Investigation Standardisation (Evangelos Mantas) ...
The Need for Drone Forensic Investigation Standardisation (Evangelos Mantas) ...
 
Road map for actionable threat intelligence
Road map for actionable threat intelligenceRoad map for actionable threat intelligence
Road map for actionable threat intelligence
 
Securing Your Wearable Tech Brand
Securing Your Wearable Tech BrandSecuring Your Wearable Tech Brand
Securing Your Wearable Tech Brand
 
GDG Cloud Southlake #4 Biodun Awojobi and Wade Walters Security Programs and ...
GDG Cloud Southlake #4 Biodun Awojobi and Wade Walters Security Programs and ...GDG Cloud Southlake #4 Biodun Awojobi and Wade Walters Security Programs and ...
GDG Cloud Southlake #4 Biodun Awojobi and Wade Walters Security Programs and ...
 
DarkWeb
DarkWebDarkWeb
DarkWeb
 
IRJET-Ethical Hacking
IRJET-Ethical HackingIRJET-Ethical Hacking
IRJET-Ethical Hacking
 
Operationalizing Security Intelligence
Operationalizing Security IntelligenceOperationalizing Security Intelligence
Operationalizing Security Intelligence
 
Vulnerability Assessment and Penetration Testing using Webkill
Vulnerability Assessment and Penetration Testing using WebkillVulnerability Assessment and Penetration Testing using Webkill
Vulnerability Assessment and Penetration Testing using Webkill
 
A6704d01
A6704d01A6704d01
A6704d01
 
The Inmates Are Running the Asylum: Why Some Multi-Factor Authentication Tech...
The Inmates Are Running the Asylum: Why Some Multi-Factor Authentication Tech...The Inmates Are Running the Asylum: Why Some Multi-Factor Authentication Tech...
The Inmates Are Running the Asylum: Why Some Multi-Factor Authentication Tech...
 
UMS Cybersecurity Awareness Seminar: Cybersecurity - Lessons learned from sec...
UMS Cybersecurity Awareness Seminar: Cybersecurity - Lessons learned from sec...UMS Cybersecurity Awareness Seminar: Cybersecurity - Lessons learned from sec...
UMS Cybersecurity Awareness Seminar: Cybersecurity - Lessons learned from sec...
 
Cyber Threat Hunting Workshop.pdf
Cyber Threat Hunting Workshop.pdfCyber Threat Hunting Workshop.pdf
Cyber Threat Hunting Workshop.pdf
 
Cyber Threat Hunting Workshop.pdf
Cyber Threat Hunting Workshop.pdfCyber Threat Hunting Workshop.pdf
Cyber Threat Hunting Workshop.pdf
 
Internet of Things: Government Keynote, Randy Garrett
Internet of Things: Government Keynote, Randy GarrettInternet of Things: Government Keynote, Randy Garrett
Internet of Things: Government Keynote, Randy Garrett
 
Cyber Threat Hunting Workshop
Cyber Threat Hunting WorkshopCyber Threat Hunting Workshop
Cyber Threat Hunting Workshop
 

Recently uploaded

Gen AI in Business - Global Trends Report 2024.pdf
Gen AI in Business - Global Trends Report 2024.pdfGen AI in Business - Global Trends Report 2024.pdf
Gen AI in Business - Global Trends Report 2024.pdfAddepto
 
"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek Schlawack
"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek Schlawack"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek Schlawack
"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek SchlawackFwdays
 
Take control of your SAP testing with UiPath Test Suite
Take control of your SAP testing with UiPath Test SuiteTake control of your SAP testing with UiPath Test Suite
Take control of your SAP testing with UiPath Test SuiteDianaGray10
 
DevEX - reference for building teams, processes, and platforms
DevEX - reference for building teams, processes, and platformsDevEX - reference for building teams, processes, and platforms
DevEX - reference for building teams, processes, and platformsSergiu Bodiu
 
Connect Wave/ connectwave Pitch Deck Presentation
Connect Wave/ connectwave Pitch Deck PresentationConnect Wave/ connectwave Pitch Deck Presentation
Connect Wave/ connectwave Pitch Deck PresentationSlibray Presentation
 
Human Factors of XR: Using Human Factors to Design XR Systems
Human Factors of XR: Using Human Factors to Design XR SystemsHuman Factors of XR: Using Human Factors to Design XR Systems
Human Factors of XR: Using Human Factors to Design XR SystemsMark Billinghurst
 
Are Multi-Cloud and Serverless Good or Bad?
Are Multi-Cloud and Serverless Good or Bad?Are Multi-Cloud and Serverless Good or Bad?
Are Multi-Cloud and Serverless Good or Bad?Mattias Andersson
 
SAP Build Work Zone - Overview L2-L3.pptx
SAP Build Work Zone - Overview L2-L3.pptxSAP Build Work Zone - Overview L2-L3.pptx
SAP Build Work Zone - Overview L2-L3.pptxNavinnSomaal
 
Dev Dives: Streamline document processing with UiPath Studio Web
Dev Dives: Streamline document processing with UiPath Studio WebDev Dives: Streamline document processing with UiPath Studio Web
Dev Dives: Streamline document processing with UiPath Studio WebUiPathCommunity
 
Designing IA for AI - Information Architecture Conference 2024
Designing IA for AI - Information Architecture Conference 2024Designing IA for AI - Information Architecture Conference 2024
Designing IA for AI - Information Architecture Conference 2024Enterprise Knowledge
 
"ML in Production",Oleksandr Bagan
"ML in Production",Oleksandr Bagan"ML in Production",Oleksandr Bagan
"ML in Production",Oleksandr BaganFwdays
 
TeamStation AI System Report LATAM IT Salaries 2024
TeamStation AI System Report LATAM IT Salaries 2024TeamStation AI System Report LATAM IT Salaries 2024
TeamStation AI System Report LATAM IT Salaries 2024Lonnie McRorey
 
Leverage Zilliz Serverless - Up to 50X Saving for Your Vector Storage Cost
Leverage Zilliz Serverless - Up to 50X Saving for Your Vector Storage CostLeverage Zilliz Serverless - Up to 50X Saving for Your Vector Storage Cost
Leverage Zilliz Serverless - Up to 50X Saving for Your Vector Storage CostZilliz
 
Merck Moving Beyond Passwords: FIDO Paris Seminar.pptx
Merck Moving Beyond Passwords: FIDO Paris Seminar.pptxMerck Moving Beyond Passwords: FIDO Paris Seminar.pptx
Merck Moving Beyond Passwords: FIDO Paris Seminar.pptxLoriGlavin3
 
DevoxxFR 2024 Reproducible Builds with Apache Maven
DevoxxFR 2024 Reproducible Builds with Apache MavenDevoxxFR 2024 Reproducible Builds with Apache Maven
DevoxxFR 2024 Reproducible Builds with Apache MavenHervé Boutemy
 
From Family Reminiscence to Scholarly Archive .
From Family Reminiscence to Scholarly Archive .From Family Reminiscence to Scholarly Archive .
From Family Reminiscence to Scholarly Archive .Alan Dix
 
Artificial intelligence in cctv survelliance.pptx
Artificial intelligence in cctv survelliance.pptxArtificial intelligence in cctv survelliance.pptx
Artificial intelligence in cctv survelliance.pptxhariprasad279825
 
Search Engine Optimization SEO PDF for 2024.pdf
Search Engine Optimization SEO PDF for 2024.pdfSearch Engine Optimization SEO PDF for 2024.pdf
Search Engine Optimization SEO PDF for 2024.pdfRankYa
 
Streamlining Python Development: A Guide to a Modern Project Setup
Streamlining Python Development: A Guide to a Modern Project SetupStreamlining Python Development: A Guide to a Modern Project Setup
Streamlining Python Development: A Guide to a Modern Project SetupFlorian Wilhelm
 
How AI, OpenAI, and ChatGPT impact business and software.
How AI, OpenAI, and ChatGPT impact business and software.How AI, OpenAI, and ChatGPT impact business and software.
How AI, OpenAI, and ChatGPT impact business and software.Curtis Poe
 

Recently uploaded (20)

Gen AI in Business - Global Trends Report 2024.pdf
Gen AI in Business - Global Trends Report 2024.pdfGen AI in Business - Global Trends Report 2024.pdf
Gen AI in Business - Global Trends Report 2024.pdf
 
"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek Schlawack
"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek Schlawack"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek Schlawack
"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek Schlawack
 
Take control of your SAP testing with UiPath Test Suite
Take control of your SAP testing with UiPath Test SuiteTake control of your SAP testing with UiPath Test Suite
Take control of your SAP testing with UiPath Test Suite
 
DevEX - reference for building teams, processes, and platforms
DevEX - reference for building teams, processes, and platformsDevEX - reference for building teams, processes, and platforms
DevEX - reference for building teams, processes, and platforms
 
Connect Wave/ connectwave Pitch Deck Presentation
Connect Wave/ connectwave Pitch Deck PresentationConnect Wave/ connectwave Pitch Deck Presentation
Connect Wave/ connectwave Pitch Deck Presentation
 
Human Factors of XR: Using Human Factors to Design XR Systems
Human Factors of XR: Using Human Factors to Design XR SystemsHuman Factors of XR: Using Human Factors to Design XR Systems
Human Factors of XR: Using Human Factors to Design XR Systems
 
Are Multi-Cloud and Serverless Good or Bad?
Are Multi-Cloud and Serverless Good or Bad?Are Multi-Cloud and Serverless Good or Bad?
Are Multi-Cloud and Serverless Good or Bad?
 
SAP Build Work Zone - Overview L2-L3.pptx
SAP Build Work Zone - Overview L2-L3.pptxSAP Build Work Zone - Overview L2-L3.pptx
SAP Build Work Zone - Overview L2-L3.pptx
 
Dev Dives: Streamline document processing with UiPath Studio Web
Dev Dives: Streamline document processing with UiPath Studio WebDev Dives: Streamline document processing with UiPath Studio Web
Dev Dives: Streamline document processing with UiPath Studio Web
 
Designing IA for AI - Information Architecture Conference 2024
Designing IA for AI - Information Architecture Conference 2024Designing IA for AI - Information Architecture Conference 2024
Designing IA for AI - Information Architecture Conference 2024
 
"ML in Production",Oleksandr Bagan
"ML in Production",Oleksandr Bagan"ML in Production",Oleksandr Bagan
"ML in Production",Oleksandr Bagan
 
TeamStation AI System Report LATAM IT Salaries 2024
TeamStation AI System Report LATAM IT Salaries 2024TeamStation AI System Report LATAM IT Salaries 2024
TeamStation AI System Report LATAM IT Salaries 2024
 
Leverage Zilliz Serverless - Up to 50X Saving for Your Vector Storage Cost
Leverage Zilliz Serverless - Up to 50X Saving for Your Vector Storage CostLeverage Zilliz Serverless - Up to 50X Saving for Your Vector Storage Cost
Leverage Zilliz Serverless - Up to 50X Saving for Your Vector Storage Cost
 
Merck Moving Beyond Passwords: FIDO Paris Seminar.pptx
Merck Moving Beyond Passwords: FIDO Paris Seminar.pptxMerck Moving Beyond Passwords: FIDO Paris Seminar.pptx
Merck Moving Beyond Passwords: FIDO Paris Seminar.pptx
 
DevoxxFR 2024 Reproducible Builds with Apache Maven
DevoxxFR 2024 Reproducible Builds with Apache MavenDevoxxFR 2024 Reproducible Builds with Apache Maven
DevoxxFR 2024 Reproducible Builds with Apache Maven
 
From Family Reminiscence to Scholarly Archive .
From Family Reminiscence to Scholarly Archive .From Family Reminiscence to Scholarly Archive .
From Family Reminiscence to Scholarly Archive .
 
Artificial intelligence in cctv survelliance.pptx
Artificial intelligence in cctv survelliance.pptxArtificial intelligence in cctv survelliance.pptx
Artificial intelligence in cctv survelliance.pptx
 
Search Engine Optimization SEO PDF for 2024.pdf
Search Engine Optimization SEO PDF for 2024.pdfSearch Engine Optimization SEO PDF for 2024.pdf
Search Engine Optimization SEO PDF for 2024.pdf
 
Streamlining Python Development: A Guide to a Modern Project Setup
Streamlining Python Development: A Guide to a Modern Project SetupStreamlining Python Development: A Guide to a Modern Project Setup
Streamlining Python Development: A Guide to a Modern Project Setup
 
How AI, OpenAI, and ChatGPT impact business and software.
How AI, OpenAI, and ChatGPT impact business and software.How AI, OpenAI, and ChatGPT impact business and software.
How AI, OpenAI, and ChatGPT impact business and software.
 

Physical Penetration Testing Toolkit Guide

  • 1. Physical Penetration Testing A Pen-Tester’s Toolkit ‣ Tina Ellis ‣ March 9th, 2022
  • 2. What is Physical Penetration Testing? Physical penetration testing is used to identify weaknesses in physical security systems that attackers could exploit to gain access to the facilities. Physical penetration testers (pentesters) are hired by organizations to test standing security policies for the purpose of exposing unknown vulnerabilities. 90% of network security is removed once a threat actor has physical access - Wil Allsopp, Unauthorized Access: Physical Penetration Testing For IT Security Teams Photo Courtesy of DarknetDiaries.com
  • 3. Five Phases of Physical Penetration Testing Reconnaissance OSINT Intelligence Gathering: ‣ Social Media ‣ Public Records ‣ Attack Surface Data Communicate with Client Scanning and Probing Travel to Location Identify Potential Targets Physical Observations Create Exploitation Plan Acquire Resources Communicate with Client Exploitation Social Engineering Bypass Physical Barriers Bypass Doors Communicate with Client Post-Exploitation Identify Ways to Steal Information: Gain Access to Sensitive Areas Network Jacks in Public Areas Dumpster Diving Communicate with Client Reporting Intelligence Gathered Remediation Suggestions: Training Opportunities Camera Blind Spots Door/Gate Improvements Alarm Evaluations
  • 4. An Attacker Mindset Pentesters know precisely how criminals might gain access to both computer systems and buildings and employ a variety of tools and methods to gain access to a facility. - RedTeamSecure.com Photo Courtesy of DarknetDiaries.com
  • 5. OSINT CATEGORY APPLICATION INTELLIGENCE TOOL Social Media Intelligence [SOCMINT] Digital Network Intelligence [DNINT] Vehicle and Transportation Intelligence [VATINT] Mapping and Geo-Spatial Intelligence [GEOINT] Hunting ground for company and employee information. Identify technologies used and vulnerabilities that can be exploited. Track down company vehicle information. Vehicles can be acquired to blend in. Identify possible attack vectors (access points). ‣ Uniforms & Badges ‣ Name & Photo Identification ‣ Coffee & Lunch Hangouts ‣ Network and Systems ‣ Language & Technologies ‣ Possible Attack Vectors ‣ Host, DNS, & Mail Server Info ‣ IoT Device and Open Ports ‣ Public AWS or Azure Buckets ‣ Area Public Wi-Fi AP’s ‣ Vendor Vulnerabilities ‣ Vehicle Recognition ‣ VIN Identification ‣ License Plate Lookup ‣ Internet Infrastructure ‣ Satellite Images ‣ Drone Images ‣ Street View Images ‣ Historical Facility Images ‣ CCTV Live Video Feeds Google, OpenPayrolls, GoFindWho, OnePlus OSINT Toolkit, SkyLens, Social- Search, Melissa Lookups, Company & Employee Social Media Pages, and Job Postings Open Directories CSE, WhoisFreaks, CentralOps, ZoomEye, IntoDNS, Wappalyzer, HackerTarget, Pulsedive, WiGLE, WiFi Map, Shodan, Zoom Eye, Natlas, Public Buckets, CVE Details CarNetAI, VehicleHistory, FaxVIN GoogleMaps, Soar Earth, Wayback World Imagery, GeoHack Tools, FreeMapTools, HawkEye360, Satelite.pro, Infrapedia Map, TravelWithDrone, CCTV Reconnaissance Phase Pentesters use a variety of Open-Source Intelligence (OSINT) tools to gather information about their target. *These are just examples of the OSINT tools available. Actual tools vary.
  • 6. Scanning and Probing Phase Pentesters travel to the location and begin formalizing the exploitation plan. Physical observations are conducted in person. Night reconnaissance might include locating camera location by using night-vision goggles to see the infrared light emitted by night surveillance cameras. Door, Gate, and Lock Brand information is gathered. SOC location is identified, and any interesting info noted. Resources are acquired: Pentesters scan and clone badges, put together disguises, rent vehicles, and put together their toolkit. Exploitation plan is created: After all the intelligence is gathered an exploitation plan is created and shared with the client. A “get-out-of-jail-free” card is acquired that proves their identity if they get caught Pentesters communicate heavily with the parties. They also notify local authorities of their plan, so that they are not caught off guard. These steps are an important part of maintaining the safety of all parties involved. Photo Courtesy of DarknetDiaries.com
  • 7. Exploitation Phase This is the phase where pentesters deploy their physical penetration testing plan. To implement this plan, pentesters use a variety of tools and methods, some technical and some not. Social engineering is one non-technical approach that pentesters may employ to circumvent security controls. Pentesters may use impersonation, disguises, badges, and a sense of urgency to blend in or gain access to sensitive systems and information. Physical access may also be obtained by observing the physical layout of the premises and identifying weak areas of security that do not require any special tools. Unlocked doors and unmonitored entryways provide an opportunity for access. Bypassing security controls may also be an option by employing bypass tools such as plug spinners, hinge pin tools, door and gate tools, generic keys, and SEARAT tools. Photo Courtesy of DarknetDiaries.com
  • 8. The Physical Penetration Tools Long range RFID readers and a Proxmark III for cloning cards Disguises: Safety vests, uniforms, company cars, hard hats, lanyards Multimeter, for equipment testing and failure issues. Camera, flashlight, GoPro, Binoculars Ladders of various heights LANstar, LAN Cables, Small Wireless Router, for Network System Access Raspberry Pi’s – Plug into Network Connection for Network Access Shortwave radios for communication
  • 9. The Physical Penetration Tools Borescope to see under doors or around corners Night Vision Goggles: See at night and locate night vision cameras Fence keys: Linear & Door King have generic keys available on Amazon Wool blanket to protect your body from barbed-wire fences Door Tools: Double Door Tools, Under the Door Tools, Shove-It Tool, Lockpicks Plug Spinner: Prevents pins from reengaging after lockpick, and re-locks Hinge Pin Tool: Spring-loaded tool used to pop hinges off doors SEARAT: all-in-one entry tool includes key blade, Window-Breaker, Gas Shut-off
  • 10. Post-Exploitation Phase During the Post-Exploitation phase, the pentesters identify the opportunities where information could be stolen. They do not actually steal anything but take pictures or leave evidence (like a business card), to prove that they could have stolen information. ‣ Gain Access to Sensitive Areas ‣ Network Jacks in Public Areas ‣ Dumpster Diving Photo Courtesy of DarknetDiaries.com
  • 11. Reporting Phase After the exploitation plan has been executed, pentesters compile their findings and create a report. The report includes any intelligence that was gathered during the reconnaissance and probing phases; a list of detailed steps and methods that were taken during the exploitation phase, as well as remediation suggestions that will improve an organization's overall security program. Physical pentesters “undertake wildly ambitious and incredibly complex activities intended to reveal opportunities for a potential real-life showdown between good and evil - a heavily defended company against a would-be attacker" - RedTeamSecure.com
  • 12. References Darknet Diaries. (2021, June 22). Retrieved from https://darknetdiaries.com/ Deane, A. J., & Kraus, A. (2021). The official (ISC)2 CCSP Cbk Reference. Sybex. Halton, W., & Weaver, B. (2017). Penetration Testing: A Survival Guide. Packt Publishing. Mike Sheward. (2020). Security Operations in Practice. BCS, The Chartered Institute for IT. Rhysider, J. (Host). (2021, June 22). Jon and Brian's Big Adventure [Audio podcast]. Retrieved from https://darknetdiaries.com/transcript/95/ RedTeam Security, R. (n.d.). Physical penetration testing services: RedTeam Security. RedTeam Security - 5200 Willson Rd. Suite 150, Edina, MN 55424. Retrieved March 4, 2022, from https://www.redteamsecure.com/penetration- testing/physical-penetration-testing Sillanpää, M., & Hautamäki, J. (2020, July). Social Engineering Intrusion: A Case Study. In Proceedings of the 11th International Conference on Advances in Information Technology (pp. 1-5). Young, J. A. (2020). The Development of a Red Teaming Service-Learning Course. Journal of Information Systems Education, 31(3), 157–178. Photo Courtesy of DarknetDiaries.com