Convincing new customers...
You have two types of prospect customers in the world of Red Teams: Those that believe they need help and are willing to invest in proper security, and those that believe their security is the best but since it's required by their oversight they will hire a security consultant to try to find security vulnerabilities.
The former are easy to convince that they need to perform different tests, including a physical penetration test. The latter... Well, those take some convincing to do.
I can show them presentations and hard data on why their security is lacking but they are too confident that their security is so good that they won't listen. In these cases I have to show them first hand. I usually would ask for permission to try to penetrate their building/network but sometimes I do it and then show them.
This last customer I had to convince authorized me to, quote: "try to bypass my security guards, I dare you...".
So I started with the recon and found several possible ways to bypass their elite security guards. The most obvious was the underground parking garage. It had a ramp that allowed the cars to go from the street level to one of the two underground levels reserved for employees or visitor parking. The entrance was guarded by a bored guard that during the recon showed me that he loves to read. The funny thing about that is that if he really is paying attention to the book he gets tunnel vision and his focus gets narrow as well.
I tested this theory by just waking by his booth several times looking like I was on the phone. He never even looked at me. Then I tried again another day by walking up to the ramp, taking two steps down and going back too the street. Nothing. He was reading.
The day of the pentest I dressed with a suit and tie, shaved and got my very important executive act ready to go. I began walking towards the ramp, keeping an eye on the guard, (not directly looking at him but using my peripheral vision. If you look straight at something, chances are that something will look back at you. Trust me on this). Just as I was ready to go for the ramp a car came out so I had to wait for the guard to go back to his book and loose the focus on the outside world.
I went for it.
I walked pass the guard, trying to remain close to the outside wall and pretending to be on my phone. A minute later I was on the first sub-level. I kept on walking until I found the door to the elevators. You needed a card to open this door so I just waited there, again pretending to be on the phone just in case someone saw me and trying to keep away from the camera pointed at the door. About seven minutes later the door opened and three people came out. I let door go back to the closed position and put my foot as it was almost closed. I was in.
I took the elevator all the way to the last floor, the CEO office, went to the kitchen and set my laptop on the table there. I found 2 open wireless networks and a few minutes later I was part of their network. I did a simple scan and prepared coffee. Then I called the security director. On the phone I said: How about you come to the kitchen on the last floor, the one by the CEO's office and I show you how good your security is.
Literally a minute later he was there, mouth open. He saw me there, drinking coffee with my laptop open.
I showed him a map of his network and a little MP3 file I recorded earlier with the CEO on the phone talking to the investors (or something like that). He was in shock.
New project for me!
Side note:
During our conversation in that kitchen he saw my GORUCK Radio Ruck with the GORUCK Tough patch and asked me if I completed the challenge. I replied yes. He said he's been reading a lot about it and that he wanted to try and take the challenge. This conversation continued and now he is not only my customer but he is planning to make all his guards train and maybe take the GORUCK Challenge. Funny how things are.