🌊 Physical Penetration Testing | Cybrary.IT
This one isn't a PenTesting Room. These are more my notes from the Physical PenTest Course, taken to complete the 50 CEU requirement for keeping my CompTIA Security+ qualification.
I've written the previous chapter on paper. I'll type out Chapter 3.1 Information Gathering Methods on my blog as I think it's a bit more relevant to the theme of my documentation here.
Recon Types
-Passive, nothing touches the target's systems or people, so it can go unnoticed
-Active, the attacker engages directly with the target (systems or staff) and can be detected
Passive Recon Types
-Google Fu
-Company Websites
-Drive-bys
-OSINT (Open-Source Intel)
-IMINT (Imagery Intel Gathering)
OSINT
-Collecting data from publicly available sources
-Things to look for:
--Company Information
--Competitive Intel
--People and Contacts
--Open Jobs (Sometimes they list the technologies they use)
--Social Media and Networking
IMINT
-Imagery Intel
-Collecting information via satellite and aerial photography
-Electronic Surveillance
--Cameras
--Microphones
--Covert Surveillance (Hidden Cameras & Microphones)
Active Recon Types
-Port Scanning
-Physically interacting with employees or the target site
-Phone calls
-HUMINT via Social Engineering (Human Intel)
-Dumpster Diving
-Shoulder Surfing
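The passive/active split above is easiest to see from the target's side: reading the company website leaves nothing in the target's logs, while even the simplest active probe, a TCP connect scan, completes a handshake the target can record. The following is an added Python example, not code from the course or from these notes. It stands up a constructed target listener on 127.0.0.1 that logs every connection (standing in for a real service or firewall log), runs a connect scan against it, and returns both the scanner's view and the target's log; the listener, ports and log format are all made up for the example.

```python
import socket
import threading
import time
from typing import List, Tuple


class LoggingTarget:
    """Constructed stand-in for a target host: a TCP listener on 127.0.0.1 that
    records every connecting peer, as a real service or firewall log would."""

    def __init__(self) -> None:
        self.sock = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
        self.sock.setsockopt(socket.SOL_SOCKET, socket.SO_REUSEADDR, 1)
        self.sock.bind(("127.0.0.1", 0))        # port 0: let the OS pick a free port
        self.sock.listen(5)
        self.host, self.port = self.sock.getsockname()
        self.log: List[str] = []
        threading.Thread(target=self._serve, daemon=True).start()

    def _serve(self) -> None:
        while True:
            try:
                conn, peer = self.sock.accept()
            except OSError:                      # listener was closed
                return
            # This line is the trace an active scan leaves behind.
            self.log.append(f"connection from {peer[0]}:{peer[1]} to tcp/{self.port}")
            conn.close()

    def close(self) -> None:
        self.sock.close()


def connect_scan(host: str, ports: List[int], timeout: float = 0.5) -> List[Tuple[int, str]]:
    """Plain TCP connect scan: completes the three-way handshake on each port,
    so every probe of an open port is visible to the target."""
    results: List[Tuple[int, str]] = []
    for port in ports:
        with socket.socket(socket.AF_INET, socket.SOCK_STREAM) as s:
            s.settimeout(timeout)
            try:
                s.connect((host, port))
                results.append((port, "open"))
            except OSError:                      # refused, timed out or unreachable
                results.append((port, "closed"))
    return results


def free_closed_port() -> int:
    """Reserve a port and release it, so we know one that is currently closed."""
    with socket.socket(socket.AF_INET, socket.SOCK_STREAM) as s:
        s.bind(("127.0.0.1", 0))
        return s.getsockname()[1]


def demo() -> Tuple[List[Tuple[int, str]], List[str]]:
    """Scan one open and one closed port; return (scanner view, target's log)."""
    target = LoggingTarget()
    closed = free_closed_port()
    try:
        results = connect_scan(target.host, [target.port, closed])
        deadline = time.time() + 2               # let the accept thread write its log line
        while len(target.log) < 1 and time.time() < deadline:
            time.sleep(0.01)
        return results, list(target.log)
    finally:
        target.close()


if __name__ == "__main__":
    scan, log = demo()
    print("scanner saw:", scan)
    print("target logged:", log)
```

The open port appears in both lists; the closed port only on the scanner's side. A SYN or idle scan is quieter than a full connect, but it still reaches the target and can still be detected, which is exactly the difference from passive recon, which never touches it.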
Information Gathering Labs
-Kali Linux (good to use a VPN so you're not tracked)
-Google technique (e.g. search for "Company Name" together with "About Us")
4.1 Equipment
-New devices come onto the market all the time
-Lock Picks
-Bypass Tools, to get around security barriers using non-traditional methods
4.4 Specialised Hacking Tools
-Monitor Keystrokes
-Capture Network Traffic
-Capture Wireless Traffic
-Perform Automated Attacks
-Network Implants
--Physical devices inserted into USB or wired network ports
--Capture network traffic
--Can capture in real time
--e.g. LAN Turtle
-WiFi Penetration Tools
--Small concealable devices
--Automate attacks
--Capture credentials
--Deauthenticate clients
--Broadcast phony networks
-USB Attack Tools
--Used directly by testers, or given to targets to plug in
--Scripted attacks
--Spoof keyboards or Ethernet devices, or run scripts
--Fast and automated
-Keyloggers
--Capture keystrokes
--Inserted in line between the keyboard and the computer
--Pass the keyboard's hardware ID through, so the host sees only the keyboard
--Store thousands of lines of text
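Implants like the ones listed above only work while they go unnoticed, so the check a defender (or a tester writing up findings) wants is whether a new device has appeared behind an access port. The example below is added here and is not from the course: it parses two constructed snapshots of Cisco-style `show mac address-table` output (a baseline and a later capture) and flags access ports that gained a MAC address or now carry more than one. The port names, MAC addresses and uplink set are made up for the example; the comparison logic is the point.

```python
import re
from typing import Dict, List, Set

# One row of Cisco-style 'show mac address-table' output:
#   <vlan>  <xxxx.xxxx.xxxx>  <DYNAMIC|STATIC>  <port>
MAC_ROW = re.compile(
    r"^\s*(\d+)\s+([0-9a-f]{4}\.[0-9a-f]{4}\.[0-9a-f]{4})\s+(\S+)\s+(\S+)\s*$",
    re.IGNORECASE,
)

# Constructed baseline: one MAC per workstation port, several behind the uplink.
BASELINE = """\
          Mac Address Table
-------------------------------------------
Vlan    Mac Address       Type        Ports
----    -----------       --------    -----
  10    0011.2233.4455    DYNAMIC     Gi1/0/1
  10    0011.2233.4466    DYNAMIC     Gi1/0/2
  10    0011.2233.4477    DYNAMIC     Gi1/0/5
  10    00aa.bbcc.0001    DYNAMIC     Gi1/0/24
  10    00aa.bbcc.0002    DYNAMIC     Gi1/0/24
 All    0100.0ccc.cccc    STATIC      CPU
"""

# Constructed later capture: an inline device has appeared on Gi1/0/1 and the
# host on Gi1/0/5 has been swapped for something else.
LATER = """\
Vlan    Mac Address       Type        Ports
----    -----------       --------    -----
  10    0011.2233.4455    DYNAMIC     Gi1/0/1
  10    dead.beef.0001    DYNAMIC     Gi1/0/1
  10    0011.2233.4466    DYNAMIC     Gi1/0/2
  10    dead.beef.0002    DYNAMIC     Gi1/0/5
  10    00aa.bbcc.0001    DYNAMIC     Gi1/0/24
  10    00aa.bbcc.0002    DYNAMIC     Gi1/0/24
  10    00aa.bbcc.0003    DYNAMIC     Gi1/0/24
 All    0100.0ccc.cccc    STATIC      CPU
"""

UPLINKS = {"Gi1/0/24"}   # assumed trunk port; many MACs here are normal


def parse_mac_table(text: str) -> Dict[str, Set[str]]:
    """Map each switch port to the set of MAC addresses learned on it."""
    table: Dict[str, Set[str]] = {}
    for line in text.splitlines():
        m = MAC_ROW.match(line)
        if m:
            _vlan, mac, _kind, port = m.groups()
            table.setdefault(port, set()).add(mac.lower())
    return table


def find_implant_candidates(baseline: Dict[str, Set[str]],
                            current: Dict[str, Set[str]],
                            uplinks: Set[str]) -> List[str]:
    """Flag access ports that gained a MAC or now carry more than one."""
    alerts: List[str] = []
    for port, macs in current.items():
        if port in uplinks:
            continue
        new = macs - baseline.get(port, set())
        if new:
            alerts.append(f"{port}: new MAC(s) {sorted(new)}")
        if len(macs) > 1:
            alerts.append(f"{port}: {len(macs)} MACs on an access port "
                          "(inline device or rogue switch?)")
    return alerts


def demo() -> List[str]:
    return find_implant_candidates(parse_mac_table(BASELINE),
                                   parse_mac_table(LATER), UPLINKS)


if __name__ == "__main__":
    for alert in demo():
        print(alert)
```

A LAN Turtle style implant sits inline between the wall jack and the host, so the switch typically sees a different MAC on that port, or an additional one. An implant that clones the victim's MAC will not show up in this diff, which is why port security and 802.1X are the stronger controls and this check is a signal rather than proof.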
Other types of equipment of course include laptops and smartphones used for hacking, and even cameras.
Some cameras have Wi-Fi functions that can be used for recon.
-Radio Scanners
-Wireless Camera Scanners
Lock Picking
-Picking Pin Locks (via raking)
-Tubular Locks (Circular)
-Wafer Locks (Low Security)
-Warded Locks (Skeleton Keys)
-Combination Locks
--Single Dial Combination Locks
--Multiple Combination Locks
-Electronic Locks (Fail Secure Electric Strike)
7.1 Bypassing Tools and Strategies Introduction
Under the door tools
-Mule Tool
--Similar in design to modern under-the-door tools
--Rubber patch is attached to right angle end
--Metal wire is attached to rubber patch material
-Door Shimming Tools
--Gap near latch
--Pushes latch back into door
--Shims can be plastic and metal
--Different shapes, sizes and thicknesses
--Only works if the door is held by the spring latch alone (no deadbolt thrown)
-Crash Bar Tools
--Double doors with crash bars
--Fits between gap in the middle
--End of the tool pushes crash bar
-Thumbturn Bypass Tool
--Works on double doors
--Inserted into the gap between the doors
--A handle turns the smaller U-shaped metal piece that hooks the thumbturn
Lock Bypass Tools
-Lock Bumping
--Open pin lock through "bumping"
--Bump key
--Bump key hammer
--Hit the bump key with the bump key hammer
--Apply light turning pressure while it is being hit
--A pick gun works on the same principle (see below)
-Pick Gun
--Similar to bump keys, the goal is to open pin lock through "bumping"
--Needle picks
--Tension wrench
-Padlock Shims
--Padlocks have common flaws in the shackle
--The shim slips into the gap between the shackle cutout and the roller that holds it
--Not every padlock is susceptible
-Decoding Combination Locks
--Almost all have flaws
--To decode some require tools, some do not
--Some can be decoded with a thin piece of metal (decoder)
-Warded Keys
--Also known as skeleton keys
--Bypasses wards
--Strips of metals with different shapes
--Strategic bends
-Wafer Keys
--Strategically shaped keys
--Fit into wafers
--Handful of configurations
--Can be faster than picking
1.16 Sensor Bypass Methods
-Cut power
-Improperly placed sensors
-Enter before they are armed
-Block sensors
-Trip sensors
-Motion sensors that unlock doors (request-to-exit sensors)
--Simple motion sensors
--Sensors that need motion towards them
--Can be tripped from the outside with canned air, vapour, or a tape measure fed through the gap
Creating Fake Badges
-Research badges' appearance
-Laminate
-PVC cards
-Barcodes
Cloning Chips in Badges
-Scannable chip grants access
-Encrypted or not
-RFID
-Concealable cloners
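The "encrypted or not" point decides whether a badge can simply be copied. The example below is added here and is not part of the course notes: it encodes and decodes the common 26-bit Wiegand (HID H10301) prox format, an 8-bit facility code and a 16-bit card number wrapped in two parity bits, with nothing secret anywhere in the frame. It assumes the target site uses this format, which the notes do not say; the facility code and card number used are made up.

```python
from typing import Tuple

# 26-bit Wiegand / HID H10301 layout (assumed format for this example):
#   bit 1      : even parity over bits 1-13
#   bits 2-9   : 8-bit facility code
#   bits 10-25 : 16-bit card number
#   bit 26     : odd parity over bits 14-26
# There is no key: a card that uses this format simply emits these bits.


def _parity(bits: str) -> int:
    """1 if the number of set bits is odd, else 0."""
    return bits.count("1") % 2


def encode_h10301(facility: int, card: int) -> str:
    """Build the 26-bit string a reader receives for this facility/card pair."""
    if not 0 <= facility < 256:
        raise ValueError("facility code must fit in 8 bits")
    if not 0 <= card < 65536:
        raise ValueError("card number must fit in 16 bits")
    payload = f"{facility:08b}{card:016b}"         # the 24 data bits
    even = _parity(payload[:12])                    # makes bits 1-13 even
    odd = 1 - _parity(payload[12:])                 # makes bits 14-26 odd
    return f"{even}{payload}{odd}"


def check_parity(bits: str) -> bool:
    """True if both parity bits agree with the 24 data bits."""
    if len(bits) != 26 or set(bits) - {"0", "1"}:
        return False
    payload = bits[1:25]
    return (int(bits[0]) == _parity(payload[:12])
            and int(bits[25]) == 1 - _parity(payload[12:]))


def decode_h10301(bits: str) -> Tuple[int, int]:
    """Recover (facility code, card number) from a captured frame; reject bad parity."""
    if not check_parity(bits):
        raise ValueError("not a valid 26-bit H10301 frame (length or parity)")
    payload = bits[1:25]
    return int(payload[:8], 2), int(payload[8:], 2)


def as_hex(bits: str) -> str:
    """The same frame as the hex value a cloning tool would typically display."""
    return f"{int(bits, 2):07X}"


if __name__ == "__main__":
    frame = encode_h10301(100, 12345)              # constructed values, not a real badge
    print(frame, as_hex(frame), decode_h10301(frame))
```

Because the credential is just these 26 bits with no key, a concealable reader records them once and replays them, and with the facility code known an attacker who cannot get near a badge has only 65,536 card numbers to try. Cards that authenticate the reader change this, which is why the first thing to establish on site is which badge technology is in use.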
Gates, Fences, and other Barriers
-First line of defense
-Go over, go under, or social engineer your way through
-Tailgating
Mantraps
-Allows one person at a time
-Credentials needed
-Sensors
-Bypass: trigger the fire alarm, which typically releases the doors for egress
8.3 Overt Testing
-Testing in plain sight
-Work within security controls
-Typically uses social engineering
Covert Testing
-Secretive or hidden
-Not trying to avoid people
-Blend in to the crowd
-Some social engineering may be required, but not always
Unseen Testing
-Completely out of view
-Trying to avoid people
-Strong physical skills
--Lock Picking
--Climbing
--Bypassing
-Usually done after hours
Exploring a Target Site
-Gather information
-Get an idea of the layout
-Get an idea of where assets and/or info is
-Don't raise suspicion
-Take opportunities to test
Reception Desk
-Welcome and provide info
-Deal with lots of people
-Great source of info or access
-Gatekeeper to organisation
Guard Stations
-Rich source of info and items
--Video footage
--Keys
--Badges
--Communication traffic
Meeting Rooms
-Empty meeting rooms can be valuable
-Setup equipment
-Listen to office chatter
-A place to be
-Often not bothered
Supervisor Offices
-Goldmine of info and assets
-More valuable info and assets than other employees
-Office can be used to imply authority over other employees
Server Rooms/Switch Closets
-Often the main target of tests
-Snoop on network or implant devices
-May have all the organisation's data
-Gain network access and bypass security controls
Storage Areas
-Big target for thieves
-Often hold high-value assets
-Multiple points of entry
Examples of Access Methods
Tailgating
-Following an authorised person in
-Credentials are not needed
-Exploits the social norm of not being rude (holding the door)
-Staff may be trained to look for tailgaters
-Act like you belong
-Be confident
-Act like you just came out
-Carry something big
Clothing to Wear
-Dress like the group
-Appropriate and believable disguise
-Layers of disguises
Hiding in an Elevator
-Low-security locks
-Full control possible with the firefighter (fire service) setting
-Buildings with multiple elevators
-Close to closing time

