• null@slrpnk.net
    link
    fedilink
    English
    arrow-up
    4
    arrow-down
    4
    ·
    10 months ago

    Why do you need the device to be unnoticeable for that?

    • capital@lemmy.world
      link
      fedilink
      English
      arrow-up
      16
      arrow-down
      1
      ·
      10 months ago

      You can’t see how being less detectable might be in your favor for a pen test?

        • Socsa@sh.itjust.works
          link
          fedilink
          English
          arrow-up
          2
          ·
          10 months ago

          Part of modern pen testing absolutely involves a bit of social engineering to test policy enforcement

        • capital@lemmy.world
          link
          fedilink
          English
          arrow-up
          1
          ·
          10 months ago

          There can be a physical component to it though I’m not too sure about how prevalent it is. Which would be aided by blending in.

      • Rodeo@lemmy.ca
        link
        fedilink
        English
        arrow-up
        1
        arrow-down
        3
        ·
        10 months ago

        Is pen testing a visual test now?

        How does the physical appearance of the device affect its electronic penetration?

        • KairuByte@lemmy.dbzer0.com
          link
          fedilink
          English
          arrow-up
          7
          ·
          10 months ago

          Yes? Pen testing is often “I am hiring you to see how far you can get into the company infrastructure under these constraints.” This includes human interaction, and humans can be a barrier to a pen test.

          Part of that is going to be looking as innocuous as possible. Though admittedly that isn’t always the case. This kinda gets blown away when someone goes “oh look, that’s a flipper zero, aren’t those used for hacking?”

          • Rodeo@lemmy.ca
            link
            fedilink
            English
            arrow-up
            1
            ·
            10 months ago

            Interesting. It sounded kind of ridiculous to me, I guess I didn’t consider gaining access to a building or something.

            • KairuByte@lemmy.dbzer0.com
              link
              fedilink
              English
              arrow-up
              1
              ·
              10 months ago

              Ah okay, I see the confusion. A lot of people think pen testing is just “try to break into our app” or “try to get into our network” but those are usually narrow scope pen testing.

              If you truly want to test your security, you can never rule out physical access. You could have the most secure network in the world and it would mean nothing if you kept it in an unlocked room in a publicly accessible area.

              And you’d be surprised by the number of times pen testers gain access to those rooms because of human mistakes.