What I do

I am an Information Risk Consultant and Penetration Tester. I specialize mostly in penetrating secure networks and computer systems, where I simulate an organized professional attack against your organization, after which a detailed report summarizes the weaknesses and exploited vectors. This will help you gain control over your infrastructure's security and maximize your protection.

Thursday, May 15, 2014

OLD SCHOOL PIZZA ATTACK STILL WORKS

We all know the old stories told years back in 2000-2003, where pentesters would walk into Data-Centers with Pizzas sandwiching laptops, get through, and set up backdoors in an infrastructure. A lot of people love Pizza, it has the addictive add-ons, and this makes it a very good source of sport during Black Box Penetration testing, when on Surveillance And Recovery Assessments, Social Engineering Assessments, Red Team Assessments and several others to accomplish the BlackBox.

So we had this Blackbox Pentest last year, and I was actually afraid of this one because I thought it would be hard to hack into, but anyway, I always know that what challenges you makes you better and stronger.

After several go-throughs on Surveillance and Recovery, we found out about one of the Directors, who seemed to be a silent investor and is based in Nairobi. We also found out about the WiFi used at the office, and an internal Data-Center that was a replica of what we were targeting in the cloud. So we needed to set up a plan and execute this attack professionally.

The first step was to hack into the wireless network and the second was to find a place to set up shop near their HQ office.

We started the Social Engineering Assessment because the old school ways of Wireless Assessments weren't working, and we combined both assessments, because breaking this WiFi Key would take 20 years or so and we didn't have that amount of time; this was a three-month Penetration Test. We had to target the Support office; they must have had control of almost everything we wanted.

A few calls to the IT Team, pretending to be the Personal Assistant to the targeted director, and all I had to do was convince them that their Boss had bought them Pizza as a gift for their hard work, and that he needed the number for all the members working that night and the next morning.

In the evening I hired a bike, bought about six pizzas at Pizza Inn, Westlands, and was on the road for my delivery. I also made sure my phone was on silent, with no camera flash and a blocked number, just in case they had it.

On arrival, I kinda enjoyed a chat with them, then eventually asked for the Wireless Key to go online on FB. As the IT Guy was munching on the delicious meal, he happily penned it for me on a piece of paper. Yes, the key was long. At the same time, I had the chance to walk through the floors and capture as many frames as possible on camera. The next step was to set up a Safehouse near their offices, and within a few weeks we had rooted most of their Servers, workstations and network devices.