Physical Penetration Testing

Redacted from Walter Belgers's SHA2017 talk:
http://bit.ly/2x6jIn3

  • no code
  • no CVE
  • no framework
  • no buffer overflow
  • no asm
  • no ebuild


only tricks!

Disclaimer

Data protection

IT Security vs Physical Security

Hack a Data Center

Step 1

Break into

"Problem"

A door without external handle (i.e. emergency exit)

Solution

Under the door tool

Solution

"Problem"

A door without an handle (i.e. door knob)

Solution

A door without an handle (i.e. door knob)

"Problem"

A door with a block device

Solution

"Problem"

A door with a [block]chain :D

Solution 1/2

Solution 2/2

Problem

for real...

""Problem""

An unlocked door with a hole

""Problem""

An unlocked door with a hole

"Problem"

A vasistas windows half opened

Solution

This thing...

Solution

in action

Brute-force

Exploit physical weakness: lock snapping

Brute-force

Exploit physical weakness

Lockpicking

next time.....

"Problem"

Sliding door with enter only validation

Solution?

What would yo do?

Solution

Now?

Physical Penetration Testing

By Edoardo Rosa

Physical Penetration Testing

Redacted from Walter Belgers's SHA2017 talk: http://bit.ly/2x6jIn3

  • 3,045