Video Transcription

Hello and welcome to another Penetration Testing Execution Standard discussion. Today we're going to be looking at covert gathering.

Now, a quick disclaimer. PTES videos do cover tools and techniques that could be used for system hacking. Any tools discussed or used during any demonstrations should be researched and understood by the user. Please research laws and regulations regarding the use of such tools in your given area.

So our objectives for the day are as follows: we're going to discuss on-location gathering and what that looks like, we're going to discuss off-site gathering, and we're going to discuss human intelligence.
Let's step into on-location gathering. So on-location gathering is selecting specific locations for on-site gathering and then performing reconnaissance over time, usually a 2 to 3 day period, in order to establish patterns and understand behaviors at the particular site.
The following elements are sought after when performing on-site intelligence gathering. Physical security inspections: so, you know, understanding whether someone walks around the premises, whether anyone is checking the status of any physical security implementations such as fence health. We're going to do some wireless scanning and look for wireless frequencies and information about wireless.

We're going to look at employee behaviors. So maybe we'll try to tempt employees to let us into a facility. Perhaps we will just watch to see if they allow for tailgating or things of that nature if it's a controlled facility and they use PINs and badges to get into the facility. If gate badges are required, do security guards check every individual, or do they just let everybody go in at once?

So those are all things to look for. Accessible adjacent facilities: if it's a shared facility, let's say there are three stories to it, or there are two buildings that are connected to one another, is the secure facility accessible from an adjacent facility that may not have the same controls or security measures in place?
We'll look at dumpster diving. So are they throwing away information into a shared dumpster? That can be huge if we've got, you know, paperwork from the office being thrown into general waste, and then we find that people's sticky notes are thrown away. Maybe a password sheet is trashed without being shredded. Maybe requisitions and orders are thrown in general waste, which could be used again for, you know, understanding what types of equipment are being used and things of that nature within the locations. Dumpster diving can be a huge find there that can lead to the types of equipment that are being used.

If equipment is thrown away, are drives properly sanitized? So are we able to recover physical hard drives from devices and things of that nature that could then be used to collect additional information or credentials? Maybe the device's hard drive has some type of remote access software on it that we could then use to gain access to a facility; maybe a user saved credentials on it. The potential there is pretty limitless, depending on the type of information that you can collect.
And then off-site gathering, while it's not very detailed here, is identifying off-site locations and their importance in relation to the organization. These are both logical as well as physical locations, so these could be data center locations, network provisioning areas and providers. So data center locations could be important. If we're talking about a cold site, there may not be a lot of information there. If it's a hot site where everything's replicated and there are additional systems and server infrastructure there that's mirrored from the primary site, that could be beneficial, especially if it's just another building or office that's maybe maintained by a small set of staff, just in case that area's needed, and doesn't have the same level of physical security controls in place. Is it as protected physically as the other locations? Logically, as far as technical controls and protections, is it easily accessible?

Sky's the limit there. So again, being aware of those locations and what role they play in overall connectivity and data storage can be beneficial as far as your engagement.
Now, human intelligence complements the more passive gathering on the asset, as it provides information that could not have been obtained otherwise, as well as adding a more personal perspective to the intelligence picture. So this is feelings, history, relationships between individuals, atmosphere. The methodology of obtaining human intelligence always involves direct interaction, whether it be physical or verbal. Gathering should be done under an assumed identity that would be created specifically to achieve optimal information exposure and cooperation with the asset in question.

Again, this type of information gathering is going to be tied into the overall scope and goal of the security assessment and the work that you're doing. And, you know, this can be a very, very lengthy process. I mean, not everyone trusts everyone in the same manner. Relationships take time to form as far as being able to gain information from individuals. And so the scope and scale of the test will determine the scope and scale in which you would need to actually do any form of human intelligence gathering. But again, this is working under an assumed identity, and there is some deception involved in this. And so you'd need to be savvy in the ways of social engineering and human behavior to really drive this home and make this a successful factor in a security test.
Now, let's do a quick check on learning. True or false: the gathering of human intelligence does not involve direct interaction with the target, whether physical or verbal.

Well, we just discussed that, and the answer there is false. So as indicated, human intelligence does involve direct interaction with the target, whether physical or verbal in nature. There are some indicators in the standard that you can do human intelligence gathering through surveillance and things of that nature, but that's getting to be a little more of a private investigative type review than a security type review. And for the sake of this particular discussion, human intelligence does involve direct interaction with the individuals in question.

So in summary, in today's discussion we looked at on-location gathering, we looked at off-site gathering, so data centers and things of that nature, and we looked at human intelligence at a high level. So with those things in mind, I want to thank you for your time today, and I look forward to seeing you again soon.

Instructed By

Robert Smith
Director of Security Services at Corsica