From: Rob Shein (shoten@starpower.net)
Date: Sat Sep 25 2004 - 15:18:34 EDT
While the 802.11x, bluetooth, and generic spycam scanning components are
easy enough, when you get into countermeasures against real,
professional-grade bugs you're getting into a whole new world. For one,
you're going to have to throw down thousands on gear, and then you're just
getting started. The basic gist of a bug sweep...and mind you, this will
only detect bugs that are transmitting...is to do a sweep, locate sources of
RF noise, eliminate them, and then repeat until the area is clean. You'll
be amazed at how hard this is to do; the average modern environment is
insanely noisy in terms of RF emissions. And then it won't catch bugs that
are wired to a more distant transmitter, laser mics being bounced off of the
windows, or doppler radar being used to detect the modulation of an object
in the room in response to sound waves. The later scenarios show
increasingly funded and well-trained adversaries, but the technology and
skills aren't restricted to the realm of governments anymore, either.
> -----Original Message-----
> From: Chuck Fullerton [mailto:chuckf69@ceinetworks.com]
> Sent: Friday, September 24, 2004 4:59 AM
> To: RoF@yahoo; Pen-Test
> Subject: Wireless Scanning
>
>
> Everyone,
>
> I'm currently looking for a tool (or compliment of tools) to
> perform Wireless Scanning during a Pen test. My plan is to
> Scan first for the presence of 802.11(whatever), bluetooth,
> spycams, bugs, etc. Once these are detected, then each of the
> items found can have their security tested. My goal of being
> able to do this is to Take a good security audit methodology
> (such as the OSSTMM) and scale it down for small to medium
> business effectively.
>
> Can any one recommend tools that they have used to detect these items?
>
> Chuck Fullerton
> CEH,OPST,CISSP,CSS1,CCNP,CCDA,CNA,A+
>
>
>
> --------------------------------------------------------------
> ----------------
> Ethical Hacking at the InfoSec Institute. All of our class
> sizes are guaranteed to be 12 students or less to facilitate
> one-on-one interaction with one of our expert instructors.
> Check out our Advanced Hacking course, learn to write
> exploits and attack security infrastructure. Attend a course
> taught by an expert instructor with years of in-the-field pen
> testing experience in our state of the art hacking lab.
> Master the skills of an Ethical Hacker to better assess the
> security of your organization.
>
http://www.infosecinstitute.com/courses/ethical_hacking_training.html
----------------------------------------------------------------------------
--- ------------------------------------------------------------------------------ Ethical Hacking at the InfoSec Institute. All of our class sizes are guaranteed to be 12 students or less to facilitate one-on-one interaction with one of our expert instructors. Check out our Advanced Hacking course, learn to write exploits and attack security infrastructure. Attend a course taught by an expert instructor with years of in-the-field pen testing experience in our state of the art hacking lab. Master the skills of an Ethical Hacker to better assess the security of your organization. http://www.infosecinstitute.com/courses/ethical_hacking_training.html -------------------------------------------------------------------------------
This archive was generated by hypermail 2.1.7 : Sat Apr 12 2008 - 10:54:06 EDT