Pen Testing - Corporate laptop theft

[Jamil Ben Alluch <jamil () autronix com>]

Hello,

I was working on a mental exercise to see how far a pen test could be
taken, and came up with this question for which I'd like to have some input
from those who have done it or would never do it and why (any specific case
that could be shared).

Has it ever come in your scope/rules of engagement the concept of stealing
a corporate laptop/device from a given employee given the possibility (with
the organization's blessing of course) and use that to leverage access say
to a VPN, admin panels, etc?

The concept itself seems to be at the very edge of legality, but I was
wondering if this is something that has been attempted and successfully
bore fruit.

The given scenario I was thinking was about people who work out of the
office but still have access to critical systems/data within the
organization and become careless with their devices outside of the work
place (starbucks, restaurant, airport, bus station, etc..) - It's not hard
to imagine somebody snatching or borrowing the device in order to gain
access to a deeper level.

Anyways, food for thought.

Best Regards,

--
Jamil Ben Alluch, B.Ing., GCIH
<http://www.autronix.com>
jamil () autronix com
+1-819-923-3012
ᐧ

_______________________________________________
Pauldotcom mailing list
Pauldotcom () mail pauldotcom com
http://mail.pauldotcom.com/cgi-bin/mailman/listinfo/pauldotcom
Main Web Site: http://pauldotcom.com