Escalating privileges with physical access

While writing this chapter, Bo got given a chore by a friend, where he needed SYSTEM access to their laptop. They had gotten a call from a social engineer who told them he was from Microsoft, and that the friend had a problem on their computer. The pitch was that the Microsoft engineer had gotten to notice somehow that the friend's PC was infected, and the "Microsoft engineer" was there to help. After destroying files on the laptop, they then locked the system with a password, and locked out all the accounts except the one that was used during the exploit. They demanded $199.00 for the password. Even a smart and knowledgeable person can be caught by a good social engineering con. This shows the power ...

Get Penetration Testing: A Survival Guide now with the O’Reilly learning platform.

O’Reilly members experience live online training, plus books, videos, and digital content from nearly 200 publishers.