what i do?

Am an Information Risk Consultant and Penetration Tester, i specialize mostly in penetrating secure networks/computer systems where i simulate an organized professional attack against your organization, where after that a detailed report with weakness and exploited vectors are summarized. This will help you gain control over your infrastructures security and maximize your protection.

Tuesday, July 02, 2013

DOGS -THE INTRUSION DETECTION SYSTEM

There is nothing which is as bad as being caught by an IDS during a Penetration Testing. Well, i have been caught several times and i will not deny it, i felt terrible.

I remember a few days ago i was in the middle of this assessment and i found a hole on a XAMPP server, and also found out the phpmyadmin CMS was not protected.  It was on the first days of the assessment and i thought there was no need to exploit the flaw even when it was all there for me. So i decided to run Acunetix, due to laziness, because i had loads of other machines on the network to look into. Immediately an IPDS installed on that box shut down all corners of the xampp box, and i couldn't even access the phpMyAdmin. Now that was demoralizing.

So a few nights ago we were doing a recon against a target, collecting information, picking up activity log, registering movements, occupants, picking email addresses and developing a distributed metastasis plan, until when i decided to enter the compound to try get more information especially from their dust bins, since running coverage wasn't as fruitful as we needed. Me and my team we never thought that, the dogs were let out in the compound at a certain point. These big mean beasts were always in the house, feeding and sleeping. Jumping over the fence was easy, the compound is located at cool quiet Estate in the uptown Nairobi. During these tests where Physical, Social and Operational is used, arming yourself with "Get Out Jail Free Card" is advisable due to cops and guards.

Remember dogs are so used to seeing people and you can easily walk through the front door and it will think its just a normal guest.The problem is if you try to break in or jump through the windows and they spot you, you are dead. Learning the dog breeds is one other important aspect that we didn't consider, professional burglars do it. During pentesting we also try to figure out the remote AV versions, IDS version, but unfortunately here we didnt  even get to understand which breed was guarding the house.

2 minutes near the veranda, and these three dogs just jumped out, i almost pooped, i knew i had been caught. Luckily i am really fit, i just turned, dropped my torch and moved real fast towards the fences with dogs on my heels.

Well we eventually found a way to gain access to the target infrastructure and did our reporting, and the mention of the Dogs issue wasn't mention there. Am sure even right now they still think, there were burglars in the compound, or maybe not.





No comments: