Two methodologies for physical penetration testing using social engineering

T. Dimkov, Wolter Pieters, Pieter H. Hartel

    Research output: Book/Report, Report, Professional

    Abstract

    During a penetration test on the physical security of an organization, if social engineering is used, the penetration tester directly interacts with the employees. These interactions are usually based on deception and, if not done properly, can upset the employees, violate their privacy or damage their trust towards the organization, leading to lawsuits and loss of productivity of the organization. This paper proposes two methodologies for performing a physical penetration test where the goal is to gain an asset using social engineering. These methodologies aim to reduce the impact of the penetration test on the employees. The methodologies are validated by a set of penetration tests we did in a period of two years.
    Original language: Undefined
    Place of Publication: Enschede
    Publisher: Centre for Telematics and Information Technology (CTIT)
    Number of pages: 11
    Publication status: Published - 17 Dec 2009

    Publication series

    Name: CTIT Technical Report Series
    Publisher: Centre for Telematics and Information Technology, University of Twente
    No.: TR-CTIT-09-48
    ISSN (Print): 1381-3625

    Keywords

    • SCS-Cybersecurity
    • METIS-264260
    • EWI-17043
    • physical security
    • IR-69064
    • Penetration Testing
    • Research ethics
    • Methodology
    • Social Engineering