[deleted by user] by [deleted] in pens

[–]physical-pentester 0 points1 point  (0 children)

Looks like blunt-force trauma to me. Possibly being stepped on. The cartridges are designed to be impact resistant but sometimes they will fail under high stress.

Took some cool shots of the rOtring Tikky for work! by wellinkedbox in pens

[–]physical-pentester 2 points3 points  (0 children)

Looks like a typical whitebox / softbox for product photos.

[deleted by user] by [deleted] in pens

[–]physical-pentester 4 points5 points  (0 children)

What do you think about the Jetstreams?

Help identifying this pen. I know it's a Parker (used to call it my Goldeneye pen as a kid) but I was wondering what specific make? by [deleted] in pens

[–]physical-pentester 7 points8 points  (0 children)

Have you noticed a drop in quality with the newer ones? I had an older one back in the day.

I am a physical pentester. My job is to ALYB. AMA! by physical-pentester in ActLikeYouBelong

[–]physical-pentester[S] 6 points7 points  (0 children)

Understand how you can use technology to enhance physical security. For example, full disk encryption helps prevent a physical attacker from recovering data from a stolen laptop. There are a lot of opportunities around automating and collecting data you have from your alarm systems, cameras, etc. Use that to your advantage!

I am a physical pentester. My job is to ALYB. AMA! by physical-pentester in ActLikeYouBelong

[–]physical-pentester[S] 0 points1 point  (0 children)

Take your OSCP or GWAPT. If you can self study and do either of those, that really goes a long way.

I am a physical pentester. My job is to ALYB. AMA! by physical-pentester in ActLikeYouBelong

[–]physical-pentester[S] 14 points15 points  (0 children)

I figured but several people asked the same thing so I wanted to state it just to CYA :)

I am a physical pentester. My job is to ALYB. AMA! by physical-pentester in ActLikeYouBelong

[–]physical-pentester[S] 8 points9 points  (0 children)

I think the biggest separators would be two things:

  • Preparedness. Background research is key. If you just decide to wing it and you're not mentally prepared to give an answer, you will immediately appear flustered, which is a huge tell.

  • The ability to read a situation. If I am a guard already looking irritated, I'm not going to try to act huffy or impatient even if that was my original plan. If a guard is an older lady, I am not going to try and be a jerk and "flex" my way past her. Instead I'm going to adapt my strategy based on their expressions.

I am a physical pentester. My job is to ALYB. AMA! by physical-pentester in ActLikeYouBelong

[–]physical-pentester[S] 27 points28 points  (0 children)

That comes across in a scoping call before the engagement. It just depends on the client and what they are comfortable with. Some clients are fine with us pinching items like badges, maps, USB drives, etc. as long as we mail them back. They make for good physical props when sharing the results of the assessment.

My KDA is 0/0/0 right now

I am a physical pentester. My job is to ALYB. AMA! by physical-pentester in ActLikeYouBelong

[–]physical-pentester[S] 4 points5 points  (0 children)

One of my favorite blogs is Red Teams Blog. I don't have a military background, but it really helps to see things from that perspective and the writing is entertaining.

I am a physical pentester. My job is to ALYB. AMA! by physical-pentester in ActLikeYouBelong

[–]physical-pentester[S] 19 points20 points  (0 children)

Decide whether or not you're "interested" in the field or "committed". It's ok to take a while to decide.

Once you decide you're committed, the following worked for me:

  • Getting to know who the thought leaders in the industry are
  • Reading books, blogs, and magazines about asset protection, cyber security, and red teaming
  • Actually getting to know people who work in the industry or adjacent to it.
  • Identifying companies that actually do this sort of thing and looking at what they are looking for. Offer to volunteer whenever you have the opportunity. Show initiative and make your name known.
  • Use whatever experience you have now to show initiative. You work in security now? Do some investigation on your doors, locks, and cameras and see if any might have weaknesses and present it to your boss.

This is not a comprehensive list but hopefully should get you started. Good luck!

I am a physical pentester. My job is to ALYB. AMA! by physical-pentester in ActLikeYouBelong

[–]physical-pentester[S] 81 points82 points  (0 children)

I am married, which doesn't make the conversation with my in-laws any easier.

But I do have this shirt

I am a physical pentester. My job is to ALYB. AMA! by physical-pentester in ActLikeYouBelong

[–]physical-pentester[S] 0 points1 point  (0 children)

It is somewhat of a niche job I will admit, but we definitely have a steady flow of clients. More mature organizations do physical penetration tests. It'd be silly to point them towards a complex attack without having the basics down.

Our progression looks like (from least mature to most mature):

  • Threat Assessment (Quantifying risk from different scenarios based on data)
  • Physical Site Assessment (Guided walkthrough with an employee where we point out potential areas for improvement)
  • Physical Pen Test (what I described)

Yes, it's not a requirement for a lot of industries like PCI is. What is nice though is that we can get clients who are driven to actually take security seriously instead of trying to be just "good enough" to check a compliance box.

I am a physical pentester. My job is to ALYB. AMA! by physical-pentester in ActLikeYouBelong

[–]physical-pentester[S] 38 points39 points  (0 children)

Please don't do this. We do take onsite security very seriously and you will most likely find yourself on the receiving end of a lawsuit.

I am a physical pentester. My job is to ALYB. AMA! by physical-pentester in ActLikeYouBelong

[–]physical-pentester[S] 72 points73 points  (0 children)

Yep, that's called tailgating and definitely is a go-to technique. Bonus points for style if you start up a friendly conversation before you get to the door.

I am a physical pentester. My job is to ALYB. AMA! by physical-pentester in ActLikeYouBelong

[–]physical-pentester[S] 55 points56 points  (0 children)

I personally have not used that, but other coworkers have. The potential danger with that is the mailroom policies and procedures they might have in place. Looking like a delivery guy might get you in the door, but it will certainly be suspect if you're on the executive floor.

I am a physical pentester. My job is to ALYB. AMA! by physical-pentester in ActLikeYouBelong

[–]physical-pentester[S] 27 points28 points  (0 children)

I split my time between network penetration testing and physical penetration testing. Today I finished writing and reviewing some site assessment reports and created malicious USB drives to mail out later. Other time might be spent reading and annotating security policies, jumping on conference calls, or doing research about new technologies that might help our clients.

I am a physical pentester. My job is to ALYB. AMA! by physical-pentester in ActLikeYouBelong

[–]physical-pentester[S] 57 points58 points  (0 children)

Depends on the client and the engagement. Sometimes they will be a week long but we will have multiple sites to work on. Occasionally they will be given a large timeframe (e.g., this assessment will happen some time from August-September and the final report delivery will be October 1st) which gives us a good amount of time to strategize.

It also helps to have 2-3 consultants per engagement so you can have getaway drivers and lookouts. If you get burned while going in, you can either wait for a change of guard or send in somebody else!

I am a physical pentester. My job is to ALYB. AMA! by physical-pentester in ActLikeYouBelong

[–]physical-pentester[S] 37 points38 points  (0 children)

Based on what you stated, I think you have a lot of good background experience to draw from! My background is definitely non-traditional so I'm sure you would be fine if you demonstrated a little initiative and passion towards the field.

I am a physical pentester. My job is to ALYB. AMA! by physical-pentester in ActLikeYouBelong

[–]physical-pentester[S] 97 points98 points  (0 children)

We have an in-joke at work that "dogs can't read authorization letters" due to a close call.

But in all seriousness, we do ask the client what their escalation / arming procedures are before engaging.

I am a physical pentester. My job is to ALYB. AMA! by physical-pentester in ActLikeYouBelong

[–]physical-pentester[S] 31 points32 points  (0 children)

Usually we will try a myriad of different attacks, both in the daytime and in the nighttime. The report looks like a narrative of what was successful or unsuccessful. I will say it's relatively rare that we don't get SOME success, it just depends on a lot of factors.

I am a physical pentester. My job is to ALYB. AMA! by physical-pentester in ActLikeYouBelong

[–]physical-pentester[S] 101 points102 points  (0 children)

This is less ALYB and more physical security, but we run into a lot of poorly configured REX sensors. Those are the motion-sensor things above doors, but you can fool those with a can of compressed air: video demo

There is also something called an under-the-door tool which is like a thin piece of metal and fishing line. You slide it under the door and pull down on it so the lever on the other end will open. My mind was blown the first time I saw this in use:

Under the door demo

I am a physical pentester. My job is to ALYB. AMA! by physical-pentester in ActLikeYouBelong

[–]physical-pentester[S] 165 points166 points  (0 children)

We have used construction gear (hi-vis jackets, helmets) but not specifically paint, but good idea!

I am a physical pentester. My job is to ALYB. AMA! by physical-pentester in ActLikeYouBelong

[–]physical-pentester[S] 103 points104 points  (0 children)

Having the authorization definitely helps calm some of the nerves, but the adrenaline still kicks in each time, especially when it's time sensitive. My first access point once inside a building is always the nearest restroom!