Gaining A Foothold
Freya Wilson
Coming Up
Different ways in
Social Engineering: Phishing
Social Engineering: Physical Access
Options…
• Physical Access
• Phishing/Smishing/Vishing
• Malicious Files
• Poisoning the Watering Hole
• Wi-Fi
• External Infrastructure
• Websites
• VPN
Phishing
It’s been sent to me at my email address…
It’s important – it’s to improve security – adds to a sense of legitimacy and urgency.
They’ve got my name right – feels more legitimate.
They’re using a current and relevant issue that everyone has been talking about – GDPR.
They’re referring to the right things – they’ve included a link for me to follow.
The footer is identical to a typical one we would see.
There’s a deadline, it’s for security questions, I might need to remember them for the future…
And the red flag…
The real domain should be sec-1 not sec1… This indicates it’s probably a phishing email!
What if we look at the link…?
F12 to view in console…
Sure enough, it’s the wrong domain again!
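The sender and link check walked through above can also be run automatically as a triage aid that flags near-miss domains for a human to review. This is an added example, not part of the original presentation: the trusted domain sec-1.com is taken from the contact address on the slides, while the sample sender, the sample HTML, the short suffix list and all function names are constructed for illustration.

```python
from html.parser import HTMLParser
from urllib.parse import urlsplit

# Assumption: sec-1.com is the organisation's real domain (contact address on the slides).
TRUSTED = {"sec-1.com"}
# Simplification: a short suffix list stands in for the full Public Suffix List.
SUFFIXES = ("org.uk", "co.uk", "com", "net", "org", "uk")  # longest first


def split_domain(host):
    """Return (registrable label, suffix) for a host name, dropping subdomains."""
    host = host.lower().rstrip(".")
    for suffix in SUFFIXES:
        if host.endswith("." + suffix):
            return host[: -len(suffix) - 1].split(".")[-1], suffix
    parts = host.split(".")
    return (parts[-2] if len(parts) > 1 else parts[0]), parts[-1]


def skeleton(label):
    """Undo the cheap tricks: added/removed hyphens and 'vv' standing in for 'w'."""
    return label.replace("-", "").replace("vv", "w")


def within_one_edit(a, b):
    """True if a and b differ by at most one added, dropped or changed character."""
    if abs(len(a) - len(b)) > 1:
        return False
    if len(a) > len(b):
        a, b = b, a
    i = 0
    while i < len(a) and a[i] == b[i]:
        i += 1
    if len(a) == len(b):
        return a[i + 1:] == b[i + 1:]
    return a[i:] == b[i + 1:]


def classify(host, trusted=TRUSTED):
    """Label a host as trusted, a lookalike of a trusted domain, or unrelated."""
    host = host.lower().rstrip(".")
    if any(host == t or host.endswith("." + t) for t in trusted):
        return "trusted"
    label, _ = split_domain(host)
    for t in trusted:
        t_label, _ = split_domain(t)
        if label == t_label:
            return "lookalike:tld"  # same name under a different suffix
        if skeleton(label) == skeleton(t_label):
            return "lookalike:punctuation-or-vv"
        if within_one_edit(skeleton(label), skeleton(t_label)):
            return "lookalike:spelling"
    return "unrelated"


class LinkCollector(HTMLParser):
    """Collect the host of every <a href=...>, i.e. what F12 shows behind a link."""

    def __init__(self):
        super().__init__()
        self.hosts = []

    def handle_starttag(self, tag, attrs):
        href = dict(attrs).get("href") if tag == "a" else None
        if href:
            self.hosts.append(urlsplit(href).hostname or "")


def audit_email(sender, html):
    """Return (where, host, verdict) for the sender domain and each link target."""
    parser = LinkCollector()
    parser.feed(html)
    hosts = [("sender", sender.rsplit("@", 1)[-1])]
    hosts += [("link", h) for h in parser.hosts]
    return [(where, h, classify(h)) for where, h in hosts]


# Constructed sample message modelled on the slides (not a real email).
SAMPLE_SENDER = "it-support@sec1.com"
SAMPLE_HTML = (
    '<p>Please <a href="https://portal.sec1.com/update">update your security '
    'questions</a> before the deadline.</p>'
    '<p><a href="https://www.sec-1.com/">Company website</a></p>'
)

if __name__ == "__main__":
    for row in audit_email(SAMPLE_SENDER, SAMPLE_HTML):
        print(row)
```

Short names such as this one produce more one-edit matches, so the "lookalike:spelling" verdict is best treated as a prompt for review rather than a block rule.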
Protect?
User Awareness + Strong Security Culture
There’s no magic technological solution for this. User training and awareness of how to spot a phishing scam, what to do if they do spot one and what the risks are is the best solution.
Physical Access
Reconnaissance
• Google maps
• Street view
• Satellite view
• Company Websites
• Job Site Postings
• LinkedIn
• Other Social Media
• “Stake-out”
Getting In - Challenges
• Padlocks
• Anti-tailgating devices
• Door Keys
• Codes
• Security Protocols
• Guards
• CCTV
Padlocks are often easy to solve
And another option!
Getting past Anti-Tailgating devices
REX door sensors?
Key Cloning…
Shoulder Surfing!
What are we after when we get in?
Another option?
Social Engineering Assessments
Social Engineering is becoming one of the most effective means of gaining access to
secure systems and sensitive information. What is more, the attacker requires little to
no technical knowledge. Preventing an attack of this nature requires a very different set
of defences to traditional cyber security defences.
Raising employee awareness
Your best defensive strategy against social engineering is to raise employee awareness and to
educate on good practices. A social engineering assessment from Claranet Cyber Security allows
you to see how susceptible your staff might be when presented with an attempt by an attacker to
trick them. The results of social engineering assessments can be used to direct training, create data
handling guidelines and security policies.
Typical social engineering engagements include:
• Phishing & spear phishing campaigns - tricking users via email
• Physical entry - gaining unauthorised access to buildings
• Baiting - tempting users into plugging in USB drives...
• Staff impersonation - in order to obtain information or access remotely
Contact us on 01924 284240, or
info@sec-1.com, for a free scoping
exercise and quote.
Next Steps
Infrastructure Testing
The principal aim of infrastructure testing is to highlight where vulnerabilities exist in
computer systems that could provide unauthorised access or serve as an entry point
into private areas of the network and to sensitive data.
Infrastructure testing applies in many areas including internal, perimeter, and cloud. It also applies
to many technology areas from PCs and laptops to smart phones and Wi-Fi networking. From a
hacker’s perspective each area represents an opportunity to attack, opportunities that can be
minimised by reviewing your security in the same way you would your buildings or physical assets.
Infrastructure testing can be deployed as a stand-alone exercise to provide
a comprehensive view of the vulnerabilities and associated exploits or can be used
as an element in a wider simulated attack including web application, social engineering and physical
access assessments.
Web Application Testing
Available to hackers 24x7 and brim-full of data, web applications present
a tempting target for hackers. Our penetration testing relies on the manual
exploitation of vulnerabilities so you get the assessment of business risk
that only an expert tester can provide. We combine this with the use of the
best automated tools. All assessments are followed by a comprehensive
report, with both non-technical and technical descriptions, alongside
recommendations for remediation.
We provide visibility of risks including:
• Unauthorised access past authentication controls to escalate privileges
• Introduction of malicious code
• Manipulation of the application’s function
• Defacing of the website or causing disruption
• Gaining access to the hosting infrastructure
Claranet Cyber Security continually invests in hiring the most experienced, highly trained teams
in the industry. A core part of delivering the best service is our commitment to being fully
accredited across all the major standards in IT security. These include:
Our accreditations
For more information about all our Cyber Security Services please call: 01924 284 240
Or email: info@sec-1.com

Editor's Notes

  • #4: Looking at ways into an organisation, then focusing on two different social engineering techniques, with a demo of a so-called “Rubber Ducky”
  • #6: There are lots of possible ways in to an organisation – here are listed some common ones. There’s the external footprint – infrastructure, VPNs, websites etc. Then there’s social engineering – phishing, smishing (phishing over SMS) and vishing (voice phishing – ringing up the helpdesk posing as an employee and having the password changed), or even sending a malicious file to users (“please fill in this .docx and send it back to ensure you get your Christmas bonus”). Then there’s your onsite stuff – Wi-Fi connections and physical access (breaking in and social engineering). Or even poisoning the watering hole: large companies with a mature security culture and watertight security can be targeted by silently compromising a smaller company with considerably fewer security resources that they have a trust relationship with, e.g. their cleaning contractor.
  • #7: We are going to focus in depth on two of these – phishing…
  • #8: … and physical access.
  • #11: Here’s an example email that’s been sent to me…
  • #12: Zooming in, we can pick out some key features
  • #13: (The observant onlooker may have already noticed the problem)
  • #18: These things are all adding to a sense of legitimacy, and also, urgency – the sort of thing I might set as a reminder to-do on a Friday afternoon when there’s no point getting stuck into a big, new task. In fact, with the right timing, we could use that to our advantage.
  • #23: This is something that is very subtle – adding or removing common punctuation would be one way to create a legitimate-seeming domain. Other options: leaving out or adding in letters, slightly different spellings, a different top-level domain (.co.uk rather than .com), changing w to vv and so on.
  • #27: Let’s say that phishing hasn’t worked, we will turn our focus now instead to physical access!
  • #30: The first step is reconnaissance – things that can be done, typically sat at home on your sofa, using open source tools: mapping tools, web cams etc.; company research on websites, job postings and social media trails; social media, both company-based and the personal use of employees (note that as a consultancy we would likely leave this personal social media out, but criminals probably don’t care about individual privacy!); and observing, perhaps from a nearby business, building or car park.
  • #31: This is the Sec-1 offices on Google Maps using satellite view! We can already see key features – car park on two sides, main front door, trees and bushes on the other two sides, but no obvious perimeter fences. Fairly quiet area, couple of buildings nearby too. Fairly small based on size of building and number of cars.
  • #32: …And again from street view. We can see some colleagues there potentially having a cigarette – it could be an option to follow them in? Again, confirmation that there are no obvious perimeter defences: padlocks, gates, fences etc.
  • #33: We can even zoom in on the door – looks like there is some sort of keypad – the numbers will most probably be the 4 most worn keys – some shoulder surfing might give us an idea of what order they go in. It might also be possible to tell at this point if there are any shutters, turnstiles, a reception area, security guards, etc.
  • #34: A quick look over the company website shows an example of an employee – red branded polo shirt and lanyard. If we can recreate these, find a manager on LinkedIn that we can fake a meeting for, walk in confidently and maybe sign the visitor book with a fake name if needed, we are in and sorted!
  • #35: Once we are on-site we might face a few different challenges!
  • #36: Locks and padlocks – sometimes only need a screwdriver.
  • #37: … and failing that a set of lock picks. There’s always the option of some heavy bolt cutters, but it looks a lot less conspicuous this way!
  • #38: Anti-tailgating devices (turnstiles, etc.) aren’t always this easy to get around! However this recent example gives an idea of how we might get around them - a company in a large building who held a fire drill every week at the same time on the same day where everyone had to evacuate the building would turn off the turnstiles and just open the gates to get everyone back in hassle free – joining in with the crowd and we get ushered in straight away with no issues.
  • #39: What do hand warmers have to do with physical security? “Request to exit” doors sometimes have a sensor feature where it detects that a person is present and wants to leave, so opens the door for them. These operate by detecting a combination of heat and movement. A hand warmer on a stick, waved around under the door provides heat and movement, tricking the sensor into believing someone is present and needs to exit.
  • #40: On the left here is a Proxmark, and on the right, a Keysy. The Proxmark will clone a key card – if someone has left theirs lying around, or you can convince someone to lend you theirs by posing as a door engineer, this can quickly be cloned. The Keysy does the same thing for RFID devices.
  • #41: Shoulder surfing! Protecting against it isn’t easy, it goes back to user awareness and security culture – being aware of what is on desks and screens, and who might be looking when you’re typing in passwords
  • #42: We’ve all done this – left our computer unlocked when away from our desk. It starts by turning around to say something to a colleague, and then you go and make a cup of tea, and the computer is left there wide open. An attacker only needs a minute or so to run something like a Rubber Ducky and they’ve got their claws in.
  • #43: Again, a strong security culture and user awareness is the only thing that will stop this from happening – learning to press the WIN-L combination every time you turn away.
  • #44: Once we are in, or even if we left some of these lying around labelled ‘photos’ to see if someone will plug them in for us, we can look at using one of these devices. On the left, a Rubber Ducky – this will emulate a keyboard, and we can use it to download further malicious files from our waiting server and then create a reverse shell. At the top, a LAN Turtle – giving access to the network. On the right, a USBKill – this will send -200V repeatedly into whatever it is plugged into, wiping them out fairly quickly! And at the bottom, a Wi-Fi Pineapple. This doesn’t even need to be plugged in, and someone in a café next door could be using it – this will spoof Wi-Fi connections, stealing credentials and man-in-the-middle-ing traffic.
  • #46: That brings us to the end of our presentation – thanks for watching!