Need tools/tips for a 2-3 hour after-hours physical/network audit (Team of 5, Univ. Class Project)
A student is conducting a school security audit for an information security course, leading a team of 4-5 people to assess network, wireless and physical security vulnerabilities within 2-3 hours using tools such as a Windows laptop, Kali Linux and a Flipper Zero.
2026-2-25 00:8:2 Author: www.reddit.com

Hey everyone,

I’m conducting an authorized security audit on a school for my Information Assurance and Security class. I have a team of 4-5 people, and we’ll only have about 2-3 hours on-site after hours. The rest of our class will also be there doing their own audits, so there might be some competing network noise. I need to prioritize our time efficiently and figure out how best to divide the work.

Our Loadout:

  • Windows Laptop

  • Kali Linux Laptop

  • Flipper Zero + Wi-Fi Dev Board (Momentum OS)

Rules of Engagement:

  • DO NOT break anything or cause downtime (they get immediate alerts if things drop).

The Environment / Recon Intel:

  • Network/Infra: Highly segmented. Cisco Layer 3 switches, 48 FortiGate firewalls, Graylog server. No 802.1x, NO port security.

  • Wireless: BYOD (faculty), Guest, and a Secure network (cert-based for laptops).

  • Cloud/Servers: Hybrid Azure, AD on-prem. Next to nothing else on-site besides AD. Veeam for the small on-prem footprint. Cloud heavily utilized (typical edu SIS apps, OneSync, etc.).

  • Endpoints: Students use Chromebooks. Teachers use Microsoft Surface 7s. SCCM and TeamViewer Enterprise for management/remote access.

  • Physical Security: Continuum RFID hardwired access, keypads. Classrooms use physical keys. Lots of IP-based cameras and door controllers.

  • Policies & Vulnerabilities:

    • Unlocked USB policy.

    • Unrotated BIOS passwords.

    • Teachers do not rotate passwords (and have to memorize them). Duo is used for MFA.

    • Lightspeed content filter (should block .exes) + blacklist site blocking.

    • Elementary school Chromebook carts are left unlocked.

Given the short 2-3 hour window, a team of 5, the lack of port security, and the unlocked USBs/Chromebook carts, what specific tools, payloads, or physical bypasses would you prioritize? How would you recommend splitting our team (e.g., who does physical vs. network)? Any specific Flipper attacks we should prep beforehand?

Thanks in advance!


Source: https://www.reddit.com/r/netsecstudents/comments/1rdxicf/need_toolstips_for_a_23_hour_afterhours/