You have two types of prospective customers in the world of Red Teams: those that believe they need help and are willing to invest in proper security and testing, and those that believe their security is the best but, since it's required by their oversight, will hire a security consultant to try to find security vulnerabilities.
The former are easy to work with and easy to convince when it comes to the need to perform different tests, including physical penetration tests, social engineering and other less traditional tests. The latter... Well, those take some convincing.
I can present hard data on why their security is lacking, but they are so confident that their security is good that they won't listen. In these cases I have to show them first hand. I usually ask for permission to try to penetrate their building/network, but sometimes...
This particular customer, the one I had to convince, authorized me to, and I quote: "try to bypass my security guards, I dare you...".
Some time ago, while I was helping a law enforcement agency track a wanted mobster boss, I came across the computer of one of his trusted people. He and I were connected to the same insecure wireless network at a cafe. After some scanning and running several little exploits, I managed to get a shell on his Windows XP machine.
Initially I thought the laptop was one of those burn computers (use once and discard), so I was hesitant to leave any backdoor there; however, he was the only lead we had to the boss, so I installed one.
The backdoor would try to connect to a server I had ready and send an "I'm alive" signal via an HTTP GET that was injected into any application already connected to the internet. The idea was to use the already-connected app as a conduit and try to remain hidden that way.
I wasn't sure if it would work because the more I searched the laptop, the more I thought this was a burn computer. My hope, though, was that this guy would eventually connect to a network where either the boss was connected or that we could find data belonging to the organization; maybe this last part would help us find the boss.
For several weeks my listening server didn't get any signals. Then, just when I was about to shut down the server, I got one.