Jim and I carefully approached the parking lot. It was almost 6:30 PM.
We found a vantage point near a restaurant right across the street from the parking lot, we climbed onto a container located on side of the restaurant and we prepared our gear. We had with us a couple of BARSKA Blackhawk scopes with tripods. At this distance those scopes were more than enough. We also had with us a night vision scope, however since the building was well lit we didn’t need it.

We were performing recon for a customer that wanted to test whether his control center was vulnerable. Their control center housed all the company’s servers, communication boxes (telephones switches, VoIP boxes, etc) and the data farm where they kept all their customer’s sensitive information. Phase one of the project was a physical pentest. Phase two would be a digital vulnerability assessment and at a later stage a full penetration test.

We were observing the building at night, trying to learn as much as we could in 2 nights: what was the normal activity around the building, etc. Once this part was completed we performed a daytime recon that included me going into the building to recon the reception area and other possible locations. Jim also reconnoitered the building during the day but he focused on the exterior.

Back to the night. We observed the building’s front area for about two hours and we had a very good sketch of the area with car and people movement, lights on and off in the different windows and how often their security performed the routine checks. We did this the following night as well and then compared notes. Once we were done with this, we climbed down the container and proceeded to walk around the perimeter of the building. We wanted to see first hand whether there was any way in other than the main gate.
We walked very slowly and tried to maintain a low profile. We knew there were cameras, we just didn’t know where, so until we could map them we needed to remain as much in the dark as possible.
After the first round we found out that the building had a fence with barbwire on the sides, including the front where there main gate was with its entrance to the parking lot. The 4th side, the left side of the building, was guarded by another building, a smaller three stories high one. This smaller building housed an architecture studio and a lawyer’s firm. The door was locked and I am sure there was some security measures inside. We noted this building to be checked during the day recon.

We spent the rest of the night observing from the container near the restaurant. Nothing worth mentioned happened. Until 6 AM.

At 6 AM we observed a group of people parking near the smaller building at the left side of our target. They began taking cleaning supplies out of a van and moving them into the building. We climbed down and walked towards them. I was dressed in semi-tactical gear so I approached them and told them that I was one of the security personnel of the my customer and I needed to verify that they had permission to be in this building. The guy clearly was part of the cleaning stuff and didn’t know anything about a permit and told me to talk to his supervisor. I went into the building, all the while making mental notes of any security devices - other than a camera at the entrance I saw none - and headed for the cleaning and supplies room. The supervisor wasn’t there and when I asked the cleaning person where was he, he just replied “somewhere”. I took the stairs and went looking for him (sort of). I managed to get to the roof and by 6:30 AM, twelve hours after we started the recon, I saw a possible way into the building. Right there, on the roof there was an escape ladder, or a fire ladder, coming out of our customer’s building and into the smaller building. I climbed up and I check the door. Of course it was locked. However I couldn’t see any signs of a security device attached to it. It might be inside though.
Anyway, this was a good way to try to break in. We still needed to perform the day recon.

To be continued…