The backdoor, literally

Sometimes you spend weeks trying to figure out the best way to infiltrate your target, whether digitally or physically.

Sometimes all it takes is a trip to the back of the building.

A few months ago we were performing an initial recon on a new customer. He wanted us to check whether his security team did a good job in setting the perimeter. The desired target was one of the server rooms inside the building, where their data center was located.
We arrived after hours and, after lying low for a few hours, observing and collecting atmospherics, we decided to go around the perimeter to map it. In the past we've found vulnerable points of entry that were not visible from a single OP (observation post).
As we were coming to the back of the building, we noticed that the trash collecting trucks were leaving the building. The gates were open and there were no guards there, only a camera. We lay there observing for 40 minutes and nothing happened. After a brief exchange we went for it.

We kept an eye on the backdoor for the building, waiting to see security guards or someone in charge come and close the gates, but nothing... A few minutes later we were at the open door that led to the storage room and the main trash room. We entered the trash room and we saw another door at the end. We tried it and it was open. It led to a dirty staircase and after going up a couple of floors we found ourselves in the main cleaning office. I guess the cleaning crew works in there.
We carefully opened the main door of the office and we were in the main building. After a few careful steps we decided to go for it too. We took the stairs to the 3rd floor, where we knew the server room was (a little social engineering). We took pictures all along the way, from the infil into the building, all the way to the entrance of the server room.

The room was guarded by a card reader. So, it was going to be tricky. We noted everything and left the same way we came. No one even noticed us.

Anyway, to make the story short: the following week we tailed an employee of the company and, after making a copy of his badge, we again managed to get into the building after the trash trucks left. We used the card we copied and it worked.


We took a few pictures, unhooked some wires, left a little note saying hello and we left. Again, unnoticed.

The next morning the person that hired us, the director of security, called us, furious! Not with us, but with the general state of their security. We worked together with them and helped him and his people get the right security setting based on what we found.

Next, digital Red Teaming for them.