You could look at a way of tagging laptops as stolen to show how "easy" it is to steal them then use a similar approach to Robin
Tim Krabec tkrabec.com Bio On Wed, Jan 8, 2014 at 7:12 PM, Robin Wood <[email protected]> wrote: > > > > On 8 January 2014 23:45, Jamil Ben Alluch <[email protected]> wrote: > >> Hello, >> >> I was working on a mental exercise to see how far a pen test could be >> taken, and came up with this question for which I'd like to have some input >> from those who have done it or would never do it and why (any specific case >> that could be shared). >> >> Has it ever come in your scope/rules of engagement the concept of >> stealing a corporate laptop/device from a given employee given the >> possibility (with the organization's blessing of course) and use that to >> leverage access say to a VPN, admin panels, etc? >> >> The concept itself seems to be at the very edge of legality, but I was >> wondering if this is something that has been attempted and successfully >> bore fruit. >> >> The given scenario I was thinking was about people who work out of the >> office but still have access to critical systems/data within the >> organization and become careless with their devices outside of the work >> place (starbucks, restaurant, airport, bus station, etc..) - It's not hard >> to imagine somebody snatching or borrowing the device in order to gain >> access to a deeper level. >> >> I've never stolen one but I've been given a corporate iPad and told to > see how far I could get. I guessed the PIN, found stored VPN creds, > connected, exploited the Citrix environment, pivoted and exploited more and > ended up as domain admin. > > It is really fun exercise having to go through so many different > technologies. > > Robin > > >> Anyways, food for thought. >> >> Best Regards, >> >> -- >> Jamil Ben Alluch, B.Ing., GCIH >> <http://www.autronix.com> >> [email protected] >> +1-819-923-3012 >> ᐧ >> >> _______________________________________________ >> gpwn-list mailing list >> [email protected] >> https://lists.sans.org/mailman/listinfo/gpwn-list >> >> > > _______________________________________________ > Pauldotcom mailing list > [email protected] > http://mail.pauldotcom.com/cgi-bin/mailman/listinfo/pauldotcom > Main Web Site: http://pauldotcom.com >
_______________________________________________ Pauldotcom mailing list [email protected] http://mail.pauldotcom.com/cgi-bin/mailman/listinfo/pauldotcom Main Web Site: http://pauldotcom.com
