If sanctioned by the employer and you have a fully executed MSA and SOW, it would fly if you are taking it from one of their offices. We do this all the time. However, I would think all that would change if you took it from a user while at Starbucks, etc. What would happen if an undercover cop caught you while in the act? I personally wouldn't do it. Too many things could go wrong.
On Wed, Jan 15, 2014 at 11:51 AM, Chris Campbell <[email protected]> wrote:

> Interesting point, it would essentially be employer-sanctioned assault if you snatch the laptop, don't think that would fly.
>
> On 15 Jan 2014, at 16:09, Michael Yemane <[email protected]> wrote:
>
> Interesting hypothetical situation. Never done it, but I would be hesitant on such a test. I would have a good lawyer look at it first.
> Anything outside a client's physical boundary is a grey area I would think.
>
> Mike
>
> On 1/8/2014 6:45 PM, Jamil Ben Alluch wrote:
>
> Hello,
>
> I was working on a mental exercise to see how far a pen test could be taken, and came up with this question for which I'd like to have some input from those who have done it or would never do it and why (any specific case that could be shared).
>
> Has it ever come in your scope/rules of engagement the concept of stealing a corporate laptop/device from a given employee given the possibility (with the organization's blessing of course) and use that to leverage access say to a VPN, admin panels, etc?
>
> The concept itself seems to be at the very edge of legality, but I was wondering if this is something that has been attempted and successfully bore fruit.
>
> The given scenario I was thinking was about people who work out of the office but still have access to critical systems/data within the organization and become careless with their devices outside of the workplace (Starbucks, restaurant, airport, bus station, etc.) - It's not hard to imagine somebody snatching or borrowing the device in order to gain access to a deeper level.
>
> Anyways, food for thought.
>
> Best Regards,
>
> --
> Jamil Ben Alluch, B.Ing., GCIH
> <http://www.autronix.com>
> [email protected]
> +1-819-923-3012
_______________________________________________
Pauldotcom mailing list
[email protected]
http://mail.pauldotcom.com/cgi-bin/mailman/listinfo/pauldotcom
Main Web Site: http://pauldotcom.com
