Answer to Problem 1
Over the weekend I received quite a few answers to Problem 1. Some of the answers were really technical, some others... Well, very creative. I like that!
Here's the one I like the most. It is a great example of thinking outside the box. It might not be the perfect answer for this, but it sure had potential and I like his way of thinking.
Michael F. sent this:
Simple. Wait until a very slow time "1:00 am and 9:00 am" and perform some harmless DDOS on the hardened web server in the DMZ. Wait to see whomever comes into to work to deal with the attack.
Those people that come in, will be those that have elevated privileges. Those will be the ones you will want to blackmail to perform whatever attack you need.
Because the obvious weak point will always be the people.
You could target the people coming in to deal with the DDOS or you can pretend to be those people (with enough research). Yes, it has potential.
Stay tuned for Problem 2.