this post was submitted on 10 Feb 2024
749 points (99.1% liked)

Technology

60079 readers
3354 users here now

This is a most excellent place for technology news and articles.


Our Rules


  1. Follow the lemmy.world rules.
  2. Only tech related content.
  3. Be excellent to each another!
  4. Mod approved content bots can post up to 10 articles per day.
  5. Threads asking for personal tech support may be deleted.
  6. Politics threads may be removed.
  7. No memes allowed as posts, OK to post as comments.
  8. Only approved bots from the list below, to ask if your bot can be added please contact us.
  9. Check for duplicates before posting, duplicates may be removed

Approved Bots


founded 2 years ago
MODERATORS
you are viewing a single comment's thread
view the rest of the comments
[–] capital@lemmy.world 10 points 10 months ago (1 children)

Besides the obvious nefarious purposes, a pen test is something legit I can think of that would be useful for.

[–] null@slrpnk.net 0 points 10 months ago (1 children)

Why do you need the device to be unnoticeable for that?

[–] capital@lemmy.world 15 points 10 months ago (2 children)

You can’t see how being less detectable might be in your favor for a pen test?

[–] null@slrpnk.net 0 points 10 months ago (2 children)

It's not spy work, it's testing a system.

[–] Socsa@sh.itjust.works 2 points 10 months ago

Part of modern pen testing absolutely involves a bit of social engineering to test policy enforcement

[–] capital@lemmy.world 1 points 10 months ago

There can be a physical component to it though I’m not too sure about how prevalent it is. Which would be aided by blending in.

[–] Rodeo@lemmy.ca -2 points 10 months ago (1 children)

Is pen testing a visual test now?

How does the physical appearance of the device affect its electronic penetration?

[–] KairuByte@lemmy.dbzer0.com 7 points 10 months ago (1 children)

Yes? Pen testing is often “I am hiring you to see how far you can get into the company infrastructure under these constraints.” This includes human interaction, and humans can be a barrier to a pen test.

Part of that is going to be looking as innocuous as possible. Though admittedly that isn’t always the case. This kinda gets blown away when someone goes “oh look, that’s a flipper zero, aren’t those used for hacking?”

[–] Rodeo@lemmy.ca 1 points 10 months ago (1 children)

Interesting. It sounded kind of ridiculous to me, I guess I didn't consider gaining access to a building or something.

[–] KairuByte@lemmy.dbzer0.com 1 points 10 months ago

Ah okay, I see the confusion. A lot of people think pen testing is just “try to break into our app” or “try to get into our network” but those are usually narrow scope pen testing.

If you truly want to test your security, you can never rule out physical access. You could have the most secure network in the world and it would mean nothing if you kept it in an unlocked room in a publicly accessible area.

And you’d be surprised by the number of times pen testers gain access to those rooms because of human mistakes.