Physical Penetration Attacks – Once You Are Inside!

Share if you likedShare on Facebook0Share on Google+0Tweet about this on TwitterShare on LinkedIn9

The purpose of accessing the building is to get access to sensitive data as part of the penetration test. Once you are past the perimeter access controls of the building, you have to discover your way to a location where you can work undisturbed or locate assets you want to physically remove from the building. Both way, you’ll likely go into the building without knowing the floor plan or where specific assets are found. Walking blindly around searching for a site to work is the most challenging part of the physical intrusion process. It’s also when you’re most likely to be detected or confronted.

Unless your goal is to get backup tapes or paper, you will probably want access to the data network. A good place to get that access is in a conversation room, as most of them have data network ports available. An organization that is following industry best practices will have the data ports in their conversation rooms on a guest network that is not directly connected to the main local area network (LAN). But if this is the case, you can still use the conversation room as a base of operations while you try to obtain access to the data network.

Share if you likedShare on Facebook0Share on Google+0Tweet about this on TwitterShare on LinkedIn9
The following two tabs change content below.

Eslam Medhat

is a professional pen-tester with over 9 years of IT experience bringing a strong background in programming languages and application security, ranging from network and system administration to exploit research and development. He reported various vulnerabilities for high profile companies and vendors and was successfully acknowledged by them.

Eslam Medhat

is a professional pen-tester with over 9 years of IT experience bringing a strong background in programming languages and application security, ranging from network and system administration to exploit research and development. He reported various vulnerabilities for high profile companies and vendors and was successfully acknowledged by them.

Leave a Reply