Interesting hypothetical situation. Never done it, but I would be hesitant on such a test. I would have a good lawyer look at it first. Anything outside a clients physical boundary is a grey area I would think.
Mike On 1/8/2014 6:45 PM, Jamil Ben Alluch wrote: > Hello, > > I was working on a mental exercise to see how far a pen test could be > taken, and came up with this question for which I'd like to have some > input from those who have done it or would never do it and why (any > specific case that could be shared). > > Has it ever come in your scope/rules of engagement the concept of > stealing a corporate laptop/device from a given employee given the > possibility (with the organization's blessing of course) and use that > to leverage access say to a VPN, admin panels, etc? > > The concept itself seems to be at the very edge of legality, but I was > wondering if this is something that has been attempted and > successfully bore fruit. > > The given scenario I was thinking was about people who work out of the > office but still have access to critical systems/data within the > organization and become careless with their devices outside of the > work place (starbucks, restaurant, airport, bus station, etc..) - It's > not hard to imagine somebody snatching or borrowing the device in > order to gain access to a deeper level. > > Anyways, food for thought. > > Best Regards, > > -- > Jamil Ben Alluch, B.Ing., GCIH > <http://www.autronix.com> > [email protected] <mailto:[email protected]> > +1-819-923-3012 > ? > > > _______________________________________________ > Pauldotcom mailing list > [email protected] > http://mail.pauldotcom.com/cgi-bin/mailman/listinfo/pauldotcom > Main Web Site: http://pauldotcom.com
_______________________________________________ Pauldotcom mailing list [email protected] http://mail.pauldotcom.com/cgi-bin/mailman/listinfo/pauldotcom Main Web Site: http://pauldotcom.com
