Friday, November 12, 2010

Physical Penetration Testing Presentation

Nice presentation given at Hack3rCon 2010

The original videos can also be found here

Summary
- Purpose and goals of the pentest
  (the customer may not know them, or may be wrong)

  * What is running your business?

- Why?
  * attack vectors
  * evaluate the controls
  * potential vulnerabilities
  * find real threats to the organization
  * It must be a repeatable process and easy to explain
    (the methodology is important)
  * perhaps a security review can be done instead of a pentest
    (a pentest in a really insecure place is not worthwhile)


- Scope
  * which targets can you attack, and how?
  * what are you authorized to do versus the real world?

- Methodologies
  * Open Source Security Testing Methodology
  * ISECOM
  * Crime Prevention Through Environmental Design

- Threat Source Analysis
  * actors
  * Funding, motivation and time

- Method
  * research
  * reconnaissance (Google Maps :D )
  * planning
  * execution
  * extraction
  * Wrap Up

- Real world examples

- Reporting

- Being caught by the police :D

- Recommended reading

- Training
