학술논문
Red Team Ethical Physical Penetration Testing Simulations using Open Source Intelligence
Document Type
Conference
Author
Source
2023 IEEE 13th Annual Computing and Communication Workshop and Conference (CCWC) Computing and Communication Workshop and Conference (CCWC), 2023 IEEE 13th Annual. :0572-0578 Mar, 2023
Subject
Language
Abstract
Recent studies have shown the importance of ethical physical penetration testing as part of an overall cybersecurity defense. However, these techniques are often neglected in a traditional undergraduate curriculum. We have developed a physical pen testing training program using a combination of free, open source intelligence (OSINT) tools and low-cost hardware (such as the Arduino). We present a series of education modules covering tools and concepts such as covert entry (lock and key bypass, including elevators and wall safes), social engineering (pretexting), and cloning RFID credentials. The framework is developed and assessed using the proven Octalysis gamification framework. Before/after testing on a sample student population is conducted to demonstrate short-term learning.