Site Security - Paiet/SEC-335 GitHub Wiki

  • Objectives when testing sites
    • Take pictures of sensitive areas and/or proprietary devices
      • Proves you were able to access restricted areas
    • Steal devices, documents, and/or other data
    • Install malicious devices
      • Keyloggers
      • LAN Turtle
      • RasPi
      • Rogue AP
  • Methods for gaining access
    • Piggybacking/tailgating
      • Tailgating
        • Target is unaware that someone is slipping in behind them
          • Target doesn't check to see if the door closes before moving on
          • Target doesn't pay enough attention to surroundings
      • Piggybacking
        • Target knows someone is slipping in behind them
          • Compliance with attacker
            • Direct knowledge of attack
            • Common courtesy
            • Unaware of restricted access for attacker
            • Disregard of access rules
    • Fence jumping
      • Around, Through, or Over?
      • Factors that affect your ability to traverse a fence
        • Height
        • Electrification
        • Barbed and/or Razor wire
      • Tools
        • Ladders
        • Wire cutters
      • Stealth
        • Noisy
        • Could be easily noticed
    • Dumpster diving
      • Junk or Treasure?
        • Great source of information
          • Personal documents
          • Old calendars with passwords
          • Official documents
            • Financial reports
            • Product proposals
          • Old drives/hardware/computers
      • Access: Restrictive or Non-restrictive?
        • Dumpster in public area/street
          • Fair game
        • Dumpster on private property
          • Could also be locked
          • You may need to employ Fence Jumping and Lock Picking
          • Trespassing charges
            • Get-out-of-jail-free card
  • Lock picking/bypass
    • DEMO: Lock picking
    • Bypass
      • Biometric, access card, keypad
      • May just need to be destroyed or bypassed with Piggybacking/Tailgating
        • Badge cloning
          • Copying an RFID badge's info
          • RFID writers can be purchased for little money
          • Older RFID tech
            • 125 kHz EM4100 protocol
              • No encryption
          • Newer RFID tech
            • Higher frequencies
            • Supports encryption
          • Both can be cloned
            • Mobile device with NFC enabled
            • Cloning App
              • Default encryption keys
  • Egress sensor
    • Motion
    • Infrared
    • Bypass methods
      • Look for dead zones in coverage
      • Cover the sensor (make note of the sensor's stand-off range)
        • See-through electrical insulation tape
        • Cardboard
        • Styrofoam
      • Cover yourself
      • Infrared laser pointer