Info
Content

Physical Security

1. Red Teaming Basics

2. OSINT Advanced

2.1 Keeping Anonymity

2.2 Big data

 

2.3 Ctf path Forensics and OSINT

2.4 Dark web and vpn operations

 

3. Social Engineering

https://github.com/v2-dev/awesome-social-engineering

Books

Social Engineers' Playbook Practical Pretexting

3.1 Physical Social Engineering

Using social engineering as part of actual Red Team operations with the intent of tricking unsuspecting users is also well within the realm of Red Team. Tricking people is optional though. You can skip the phishing part and use seeded access, or intentionally creating remote access to a specific host or hosts, to make your operations less time consuming. This function is distinct from phishing assessments which are for end-user awareness measurement and training. Example: You’re tasked by the intel team to create a convincing whale phish to test against your C-suite. Skill Building: Check your spam folder for phishing samples, and try out @HackingDave’s Social Engineer Toolkit for the nuts and bolts.

3.2 Phishing

SET

3.3 Privacy engineering path

3.4 Cyber anti-Forensics

 

4. Physical Attacks

Some Red Teams include physical within their scope of operations. This can be as simple as hiding a drop box somewhere on site, to a full on covert entry scenario. Don’t expect every organization to be excited about this. It’s a fun topic, but often not a risk organizations are interested in mitigating. Example: Network jacks in the headquarters lobby are on the internal LAN, and you need to demonstrate an attack against them.

4.1 Physical Security system bypassing

4.2 Badge Hacking

4.3 Physical Network Operations

  • Network Implants

  • LAN Tap Pro

  • LAN Turtle

  • Bash Bunny

  • Key Croc

  • Packet Squirrel

  • Shark Jack

Tools

Cameradar tool https://github.com/Ullaakut/cameradar

Pentester backpack:

https://www.tunnelsup.com/contents-of-a-physical-pen-testers-backpack/

4.4 Embedded and Peripheral Devices Hacking

4.5 Lock picking

Awesome lockpicking repo https://github.com/meitar/awesome-lockpicking

4.6 Physical Forensics and anti-Forensics

 

5. A complete physical penetration test

https://www.tevora.com/red-teaming-penetration-testing-social-engineering/

Misc videos

https://orwl.org/

https://www.youtube.com/watch?v=P4HIDJ-5lJo

https://www.youtube.com/

https://www.youtube.com/channel/UCHmPMdU0O9P_W6I1hNyvBIQ

https://discord.com/channels/519305887978881075/635381846972301312

https://www.youtube.com/watch?v=ozIKwGt38LQ

https://www.youtube.com/channel/UC6107grRI4m0o2-emgoDnAA

https://wn.nr/7Vy9cw

No Comments
Back to top