Unauthorised Access: Physical Penetration Testing For IT Security Teams
by Wil Allsopp
September 2009
Intermediate to advanced
307 pages
7h 46m
English
Wiley
Content preview from Unauthorised Access: Physical Penetration Testing For IT Security Teams

3.3. Example Tactical Approaches

These are specific approaches that I've found to be very effective in most circumstances. Self-confidence is a powerful factor in any testing situation and absolutely necessary to your success. It's a cliché, but if you believe in yourself and your chosen persona, others will too.

3.3.1. Tailgating to Gain Entry

Tailgating is an attack that you can use in any environment that makes use of proximity door controls. In principle, the concept is simple enough but in practice, it requires a little forethought for successful execution. You (or an intruder) are unable to open proximity door locks without an activated token. To overcome this, you wait until a legitimate pass holder opens the door and then slip through behind them. It is important to do this in a way that does not draw suspicion.

A classic approach is to 'talk' on your mobile phone near the door and conclude the call just as someone passes you in the hallway and opens it. Then you follow them. Give the impression that you've just gone out to take or receive a phone call, which you've now concluded, and are returning inside. If possible, don't make eye contact, and seem preoccupied, frustrated or generally annoyed. These are natural emotions in most corporate environments and your mark will know better than to challenge you, although most of the time he won't even notice you.

This completes the con. Be careful though. Although this is a great technique for breaching border security – particularly ...

ISBN: 9780470747612