Thursday, July 17, 2014

Physical Pentest Tactic: Be Modest With The Car

This may seem like it's obvious to some people but i've heard some stupid stories.

I'm going to make this simple. When renting a car for your physical pentest, don't get the mustang. Don't get any car that is going to attract attention. Get a bland car in a bland color. Something like a gray Toyota Camry or boring SUV.

Why get an SUV if you are only one person? Dumpster diving. I cant tell you how much more crap an SUV can hold than a midsize car.

I once had to go back to the client site 3 times to get as much stuff as the SUV could hold on another site. You never want to do that. You want to get in, get what you need, and get out. The longer you stay in a particular location, the higher your chances of getting caught.

Therefore, get a bland, boring looking SUV if you can. Otherwise get a midsize car. Avoid compacts if you are planning on doing any dumpster diving.


Another aspect of choosing a car that is actually very important for night operations - Make sure all the lights can be turned off quickly and manually.

Few things are more annoying than pulling up to a spot and turning off the car only to have the lights linger on for a minute or so while you awkwardly stare off waiting for them to switch off.

The best option would be the ability to have all the lights off (interior and exterior) while the car is still on. But for most cases, its better to leave the car engine off.

