Interesting point, it would essentially be employer sanctioned assault if you snatch the laptop, don't think that would fly.
> On 15 Jan 2014, at 16:09, Michael Yemane <[email protected]> wrote: > > Interesting hypothetical situation. Never done it, but I would be hesitant on > such a test. I would have a good lawyer look at it first. > Anything outside a clients physical boundary is a grey area I would think. > > Mike > > > >> On 1/8/2014 6:45 PM, Jamil Ben Alluch wrote: >> Hello, >> >> I was working on a mental exercise to see how far a pen test could be taken, >> and came up with this question for which I'd like to have some input from >> those who have done it or would never do it and why (any specific case that >> could be shared). >> >> Has it ever come in your scope/rules of engagement the concept of stealing a >> corporate laptop/device from a given employee given the possibility (with >> the organization's blessing of course) and use that to leverage access say >> to a VPN, admin panels, etc? >> >> The concept itself seems to be at the very edge of legality, but I was >> wondering if this is something that has been attempted and successfully bore >> fruit. >> >> The given scenario I was thinking was about people who work out of the >> office but still have access to critical systems/data within the >> organization and become careless with their devices outside of the work >> place (starbucks, restaurant, airport, bus station, etc..) - It's not hard >> to imagine somebody snatching or borrowing the device in order to gain >> access to a deeper level. >> >> Anyways, food for thought. >> >> Best Regards, >> >> -- >> Jamil Ben Alluch, B.Ing., GCIH >> >> [email protected] >> +1-819-923-3012 >> ᐧ >> >> >> _______________________________________________ >> Pauldotcom mailing list >> [email protected] >> http://mail.pauldotcom.com/cgi-bin/mailman/listinfo/pauldotcom >> Main Web Site: http://pauldotcom.com > > _______________________________________________ > Pauldotcom mailing list > [email protected] > http://mail.pauldotcom.com/cgi-bin/mailman/listinfo/pauldotcom > Main Web Site: http://pauldotcom.com
_______________________________________________ Pauldotcom mailing list [email protected] http://mail.pauldotcom.com/cgi-bin/mailman/listinfo/pauldotcom Main Web Site: http://pauldotcom.com
