6.7. Summary
This has been a key chapter and a lot's been covered. Unlike other chapters where the focus has been on a single subject, information gathering requires an understanding of a number of disparate topics. In this chapter the following has been covered:
Dumpster diving – This is gathering intelligence by sorting through the things that companies discard. You should know what to look for and what to do when you find it.
Forensic analysis – These are the techniques used to image captured media and analyze it for confidential data or data that would be useful in advancing a physical penetration test.
Shoulder surfing – The practice of gathering passwords and door pins though close observation of target personnel.
Collecting photographic intelligence – Both the technical and discrete aspects involved in photographic surveillance.
Open source intelligence – Using the Internet to gather information of target organizations and personnel as well as some related social engineering techniques.
Electronic surveillance – This covered bugging, phone taps and introduced the concept of a 'creeper box'.
Covert surveillance – A short introduction to covertly observing target personnel.
At the beginning of this chapter I stated that one of its aims was to help you think like an attacker and I hope this has been at least moderately successful. Understanding how an intruder's mind works is critical for both the penetration testing team and those tasked with keeping facilities secure.
Get Unauthorised Access: Physical Penetration Testing For IT Security Teams now with the O’Reilly learning platform.
O’Reilly members experience books, live events, courses curated by job role, and more from O’Reilly and nearly 200 top publishers.
