Wireless Reconnaissance in Penetration Testing by Matthew Neely & Alex Hamerstone & Chris Sanyk

Author:Matthew Neely & Alex Hamerstone & Chris Sanyk
Language: eng
Format: epub
ISBN: 9781597497329
Publisher: Elsevier Inc.
Published: 2012-11-06T16:00:00+00:00

Case Study: Onsite Profiling

Internal penetration test at a large insurance company located in a downtown of a large city.

The following story is, well, mostly true. Because we are professional security people, we cannot disclose details of our clients’ systems nor their names. All the events in this case study happened, however we drew from events from multiple penetration assessments to create this scenario.

Initially, our scope included only the internal network, we were looking at attack vectors coming from someone who had already gained physical access to the building, or a rogue employee. During a walkthrough of the building, we noticed that employees on the phone were using wireless headsets (Figure 5.9). People often assume wireless headsets have a very short range and can’t be monitored outside the building. We talked to the Client to see if we could expand the penetration test to include monitoring the headsets. The Client agreed to include the headsets, so we worked on changing the rules of engagement to include them. For this, we needed to engage our lawyer, the Client’s legal staff, and Human Resources, to make sure this was done in a way that did not violate any laws or internal company policies.

Download

Copyright Disclaimer:
This site does not store any files on its server. We only index and link to content provided by other sites. Please contact the content providers to delete copyright contents if any and email us, we'll remove relevant links or contents immediately.