O'Reilly logo

Advanced Penetration Testing by Wil Allsopp

Stay ahead with the world's most comprehensive technology and business learning platform.

With Safari, you learn the way you learn best. Get unlimited access to videos, live online training, learning paths, books, tutorials, and more.

Start Free Trial

No credit card required

Chapter 7War Games

A few years ago, a bank asked me to carry out a number of tests against one of their HQs in the Netherlands. This was something they did every year and consisted of a slew of tests: build reviews, internal infrastructure, and web application testing—nothing terribly interesting. One test they wanted perform was data exfiltration testing, that is, determine how easy it is for a user to get critical data out of the building once it had been obtained. In this particular scenario, it was very easy because every user had web-to-desktop, email, working USB drives, access to internal email, and so on, but it got me thinking about scenarios that would be deployed in many later, more relevant tests. The major takeaway from this is that it is worthwhile to conduct exfiltration testing only in a genuinely secure environment where your users are subject to a limited degree of trust. That is what this chapter is all about.

With Safari, you learn the way you learn best. Get unlimited access to videos, live online training, learning paths, books, interactive tutorials, and more.

Start Free Trial

No credit card required