When you do it right… Again

We had another physical pentest. We prepared for this one for several months: Recon and intelligence gathering on the target, intel analysis and strategy preparation... The we prepared our cover story. Like in past physical assessments, we worked hard to make sure that when I and another team member got to the target, it would go as smooth as it could possible be.

My customer specifically asked again for an "overt" assessment. This means that we had to walk through the front door to achieve our target: get in control of the server room.

The countless phone calls, emails and surveillance paid off. We performed our second fastest pentest to date. From the minute we stepped in the building until we managed to get inside the server room, took us about 17 minutes. The security guard was even kind enough, like last time we tested them, to open the server room for us. Thank you!

Since this is clearly a security issue I cannot post pictures. However I will say that I still get shocked when I see how poorly trained some security personnel are.

'Military-Style' Raid on California Power Station Spooks U.S | The Complex - Foreign Policy

Thinking like an adversary