Some notes about Ninja Hacking – Dirty and “no rules” Hacking
Attack power supplies
Call Sys Admin at 2am, demoralise them
Confuse Admins
Play on Bad News and make them nervous
Spear Phishing attention grabbing via Insurance – Very American
More playing on fear to Spear Phish – loss of job
More playing on fear to Spear Phish – Mergers
Investigators
Soc Eng
Fake Facebook of sexy woman
Don’t take a Ninja hack until you have done all the other basic hardening first
Unique access methods
Only find one way in, not all ways in
Get contact phone numbers
Vendors, contractors, suppliers – Physical attacks
Hijack VPN connection
Attack the user’s home system, not the corp network
Multifunction devices
Wheelchairs
Identify peak network access times, start of day etc
Fan/Hate sites
Physical attacks going after apps, not OS
Looking the part for physical access
TOR
Physical Access
Spear Phishing
Certs
Biometrics
Job Listing
CVs
EXIF Data
ClickJacking
TCP/IP
Log files
IDS
Blocking physical access
Wireshark
Bluetooth