All tagged techniques
Site casing
A reader asked me yesterday whether it would be easier to draw a sketch of the site I am casing on a piece of paper instead of using an iPhone or iPad.
The truth is that it is. And I've been doing this since I can remember. Here's an example.
Checking your customers via open IP cameras
If you’re in public, you’re on camera. If you walk into a coffee shop, the owner gets you at the register. Visit a larger store, and chances are they have your face as soon as you cross the threshold. At least one or two of your neighbors catch you on camera when you walk around your neighborhood, and many cities monitor traffic using red light cameras at major intersections. The question is no longer if you’re on camera, but rather how many different angles you were caught on while going about your day.
With so much monitoring taking place, and with surveillance systems gaining more online functionality every year, it’s natural that securing these systems would become… complicated. And that many many are secured incorrectly or not at all. Because so many cameras and surveillance systems are completely open, it’s possible for anyone with Internet access to watch literally thousands of cameras online using only Google and a kindergartener’s understanding of the ‘Net. With a little time and patience, almost any given system, from a set of residential cameras to those used by your local police, can be accessed, viewed, and even reset if not properly secured. Of course, if you can do this, it means that anyone can do it. Feel safer yet?
Bluetooth...
On this particular project my team and I were tasked getting access to the VP of marketing's laptop. Part of the team began tailing the VP so we have an idea of what his daily routines were. The other part of the team began checking the company's network in order to try to penetrate it and find our way to the VP's laptop from there. As a last resort we would try a physical penetration of the building so we could get to the laptop.
After over a week we didn't have anything concrete on the digital pentest side, they were fairly secure. We could eventually find a vulnerability that may be exploited but we were under a very tight timeframe for the project. We were considering the physical pentest when J. called me from the field and told me that he discovered the VP has an unsecured Bluetooth connection on his laptop.
Using CARVER to identify risks and vulnerabilities
CARVER is an acronym that stands for Criticality, Accessibility, Recuperability, Vulnerability, Effect and Recognizability. It’s a system used by Special Forces to assess the targets and see which one needs to be addressed first. Let me write down what each component means in terms of information security.
This is an idea I've been playing with for a while. It's still under development, but the basic technique is similar to the one snipers use to search and detect targets.
One of the skills we learned at the scout/sniper school was the detection of targets. We would lay on our bellies and try to find hidden objects that the instructors placed in the field via the use of scopes. We also needed to detect an instructor acting like a sniper.
All the objects (or potential threats) were hidden in a large piece of land, some close and some far. It would have been almost impossible to randomly start scanning for the targets in such a large area, so a simple technique was used: begin scanning with the naked eye for objects near and from left to right, then move a bit farther from right to left, etc. Once you get to a point where the naked eye is not good anymore, use a scope.
Essentially you create a grid on the area where you move from close to far and from left to right and scan each sector for a potential threat, then you log everything you see.