by salamancara
3162 days ago
You’re testing a process end-to-end and identifying places where the policy is either too cumbersome or ineffective. Sometimes it’s a training issue, sometimes their processes just suck and need to be changed. Physical access is enough to do a lot of damage. You could drop a 4G wireless sniffer hidden in a wall wart. You can grab someone’s password off a post-it note and then fish the RSA token out of their purse when they go to the bathroom. Now you’ve defeated 2FA and have network access from the outside. Just Metasploit/Nmap scan, find a vulnerable system and you’re in business. Check out the Bash Bunny — it’s a quad-core attack platform running Linux. It looks like a USB drive, but emulates a whole bunch of different USB devices (keyboards, cameras, displays, etc.) paired with attack tools to break into the system. Basically, if you get network access, there are almost certainly vulnerabilities somewhere. Imagine someone like the CIA who buys 0-day exploits by the hundreds — physical access makes total pwnage inevitable.