Tuesday

Don't make life difficult



Being a good storyteller can help you give a good presentation. Don't make life difficult: No Tech Hacking. I really enjoyed this video from Defcon. Give a show and use images, not bullet points!!! His book just jumped several places on my wishlist!! ;-)



If you made it through the entire presentation, let's give you some more low-tech tactics. Everyone knows the smoker backdoor tactic? Go for a job interview. Tailgating. Once inside, plant a rogue access point.

Once inside, hardly anyone asks you what you are doing there. Not to mention that people are not used to questioning your authority if you politely explain to them that you are performing a security penetration test which aims to break into their networks. The truth is that humans can detect suspicious activities by following your body language. The more you lie, the more negative messages you are sending to the people around you and of course the higher is the chance to get caught. So, being honest is actually a plus rather than a minus.

Even having access to a conference area is quite easy as you can arrange a supposedly important meeting with someone from inside. Usually you find the network jacks underneath the table where you can connect whatever needs to be connected.

...

When we were once asked to break into some organizations, whose names we cannot disclose, we went exactly the opposite way of the expected. We researched the company and found all other companies they work with. Then we went onsite and discovered that some of these companies run open wifi networks for guests. It did not take us long to obtain access to sensitive mail, through leaked POP3 credentials which also got us VPN access and other goodies.

(Source: The state of Wifi security -- Gnucitizen)

Sweet. Well staying in the realms of Wifi (well sort of), let's look at Evil twins.
Just like in WiFi security, Evil Twin attacks are all about impersonating someone or something. The reason why this scenario was mentioned was because we did have a go once with it (tiger teams do all sort of cool and useful things). Then we found out that Paul and Larry also tried Evil Twin attacks against Twitchy and they all proved to be more than successful as we’ve promised in our blog post.

But is that all? Just Evil Twin attacks? Well NO! Definitely not! We are just at the beginning of a whole new brave world. For example, when I approach social networks I try to look at them from an Information Architecture point of view. I try to see the hidden connections between things and people and make my own conclusions depending on my goals. And the tools are quite different and I will definitely recommend a few and even release some of my own which were built to serve different purposes. (Source: Social networks, Evil twins and puppet masters -- Gnucitizen)
Read the entire post for some interesting information. Remember, don't make life difficult, think low or no tech hacking.
