I will bite on this although it will not be the first pentest but one of the funniest. It is also summarized as I'm swamped with work, studies, etc.
Client:
- Contractor in the defense sector. SOW - Attempt to pierce a tunnel between a moving vehicle and their connection to a five-sided building in DC. Caveat according to the douchebag contractor: "There are M16s on each side of the tunnel"
Technology:
- Sprint EVDO private connection, moving GMC Tahoe with connections made via RSA tokens, etc.
We first thought about the parameters:
1) Hacking while driving, not an easy task. Rent a truck, car, someone else driving? Too complex. Besides, we'd be so filled with false positive connections throughout the airwaves, we'd have a better chance at winning the Powerball than finding the right connection. Even if we did, it would be hellish to MITM 1) Sprint 2) anything in the truck. Even if we did, RSA keyfobs would be a hurdle.
2) Social engineering was off the table. Besides, we didn't know who would be driving the vehicle, etc
3) Clusterfuck - we can't walk into the other endpoint nor SE anyone there.
Solution:
Visitor client side attack
Won't get too technical nor give away too much info. One of the contractors accidentally decided to check their e-mail from a network with a loaded NAC (PacketFence) with iFrames injected to compromise their machine.
They were owned before they got into the truck.
Game time:
They get in the van, we drive maybe 100 feet, pull over, hazard lights on, explain, game over.
Lessons learned:
Use your own darn connections. It doesn't matter if there are 50 cal sniper rifles behind any tunnel when you have no attacker to aim at. We explained to the client the difficulties associated with attacking them head on. We explained that "Hollywood" attacks are so unlikely that it would be an expensive task to pull off not to mention that driving while doing so would not be worth the effort. We explained why client sides are far more dangerous in the long run. They needed to understand this in order to understand the nature of defense via offense.
This was now 3 1/2 years ago.
I miss those days. Nowadays things have sort of slowed down for me.