This came up in a conversation yesterday with an old-time friend and colleague. We were talking about the different techniques we've used in the past to get that crucial piece of information that resulted in the success of the projects.
We both laughed at some of the social engineering attempts we've made, some really ridiculous, and what worked and what didn't. Then we moved to the more interesting physical attempts to get information.
Yes, in one project that we worked on together, we used a simple method to gain information about the hotel room number of the person we were Red Teaming (well, the company hired us to see the weak links and this person was THE weak link). It was a simple method and it worked like a charm.
We knew the hotel and we tried to social engineer the concierge over the phone to get this person's room. The idea was to get in and try to get to his laptop when he was away. Well, it didn't work, so we instead mailed a rather large package to the hotel addressed to the person we were targeting. The next day, when the package arrived (my friend was at the hotel's lobby waiting), I called from a cellphone and asked to talk to the concierge. I asked him if the package for Mr. Target had arrived. He searched in the computer to see if Mr. Target was indeed in the hotel and then went to see the pile of packages that arrived a few minutes earlier. At this point my friend approached the desk and waited there. As the concierge came back, my friend asked something, and the concierge politely asked for a minute. He said to me on the phone that yes, the package was there. I asked very politely to make sure that Mr. Target get it immediately since he - Mr. Target - needed it for his morning meetings. The concierge said yes and I thanked him. He wrote on a piece of paper the room number and name of Mr. Target, called a bellboy and told him to get "that big package" to the person in that room right away. My friend saw the name and room that were written on the paper and that was it. We had the info.
Anyway, the point of this post came out after that conversation with my friend. A simple plan, one that is flexible and can adapt, will often work better than one that has many moving parts and is not so dynamic.
Think outside the box, keep it simple and Red Team it.