Time
7 hours 17 minutes
Difficulty
Beginner
CEU/CPE
7

Video Transcription

00:01
Okay, so that's it for this module. So let's just go over what we learned here. So first we talked about the types of approaches that testers can use while testing. We talked about overt testing and how that's, ah, really done out in the open, but with maybe a cover story. And we talked about covert testing where
00:20
that's also sort of done in the open, but they're not really trying to engage with people, but they may if people come
00:27
near them. And we talked about unseen testing. This is when testers do not want to be seen by anyone there. They're doing their tests and trying to avoid people. Then we talked about exploring target sites and what areas of an organization testers can explore. We talked about the reception desk and how
00:47
they can social engineer the reception desk and what else they could do there.
00:51
We talked about guard stations and how they usually have important items like, say, keys or communication devices they can take. We talked about meeting rooms and how, even though that really seems like a low-value area, it could be very valuable to the tester to kind of set up shop there.
01:08
Then we talked about supervisor offices and how these offices have, ah, usually the assets or data that testers are looking for and how they can also use these offices to social engineer other workers.
01:23
Then we talked about server rooms and switch closets and how these areas can have, ah, where testers can implant devices to snoop on data and how the servers can have all the data that the testers may be looking for. And then we talked about storage areas and how these areas
01:42
have high-value items
01:45
and are a big target for testers and thieves alike.
01:49
Then, last section, we talked about examples of access methods. We talked about tailgating and how that could be accomplished by following someone into a building.
01:59
And then we talked about the types of clothing that testers may want to wear to blend in and how to make it believable and convincing.
02:07
Then we talked about hiding in an elevator, how that might be unexpected, but maybe a good way to hide and just emerge once everyone leaves. Last, we talked about meeting with employees or a fake employee and how to make a convincing story around that.
02:25
Okay, so the next module, which will also be our last module, will be talking about improving security. We talked about all the things you can do to break into a place, and now we'll tell you how to improve security of those places. But first, we're gonna have a quick quiz to test your knowledge.
02:44
Okay, first question here. Dwight is performing a physical penetration test on an organization that is located near a forest.
02:52
Dwight decides to sneak into the organization's building through the woods and enter the building without being noticed. What type of testing approach is this called? Is it A, overt testing?
03:02
Is it B, covert testing? Is it C, introvert testing?
03:07
Is it D, extrovert testing?
03:09
Or is it E, unseen testing?
03:13
Give you a minute to decide.
03:15
The answer is E. He's performing a test without wanting people to see him, so he's doing unseen testing.
03:24
Okay.
03:27
Next question. Dwight, a physical penetration tester, enters an office and walks straight into the manager's office. He emerges from the office and begins giving orders to office workers. What is Dwight trying to accomplish? Is it A, trying to appear like he's acting on the behalf of the manager in order to social engineer the other workers?
03:46
Is it B, trying to appear like he's acting like a new low-level worker
03:51
in order to social engineer other workers? Is it C, trying to steal important data from the manager's office? Or is it D, trying to feel like he has power over others as he's finishing up his penetration test? Give you a minute to think about it.
04:08
The answer is A, trying to appear like he's acting on the behalf of the manager in order to social engineer other workers. Um, the other answers may work, B, but really, if you're a low-level worker, you can't really social engineer as well, because he's trying to get that authority over people.
04:26
Okay, let's move on. Next question.
04:30
Kevin, a physical penetration tester, locks an office elevator from the inside using an elevator key.
04:35
What is Kevin most likely doing? Is it A, trying to prank his coworker Dwight?
04:42
Or B, hiding and waiting for everyone to leave so he can emerge later to perform his penetration test?
04:46
C, hiding and waiting for everyone to show up so he can emerge to perform his penetration test? Or D, waiting for maintenance to show up so he can pretend to be an office worker?
04:58
Give you a minute to think about it.
05:01
The answer is B, hiding and waiting for everyone to leave so he can emerge later to perform his penetration test. So he's most likely hiding. The answer wouldn't be C because he doesn't want people to be there. And D doesn't really work, even though it's sort of social engineering. But the correct answer is B. Okay, so let's move on to the next module.

Up Next

Physical Penetration Testing

A physical penetration test is a process in which the tester identifies and exploits vulnerabilities within an organization’s physical barriers and controls. It helps organizations gain insight into their physical security protocols and improve them.

Instructed By

Shawn Briere
Information Security Analyst
Instructor
Dustin Parry
Network Security Engineer
Instructor