Tinker is a user on infosec.exchange.

So I recently completed a physical pentest. Was going to live toot it.

But it happened a little too quickly.

Went to case the joint; conduct some active recon.

And then just sort of breached the place while I was there...

New warehouse just finishing construction. A lot of different people there. Electricians, network field techs, physical security engineers, etc.

Drove up to the parking lot to see all manner of different companies and installation techs, coming and going.

While driving up to the site, I noticed the place surrounded by high fences, barbed wire, lots of cameras. It had good coverage. Didn’t see a dead zone.

When this place becomes fully operational, it’s going to be a tough nut to crack.

Got out of my car & walked up to the main lobby. A lot of folks coming and going.

It had a badge reader, man trap, and locked down lobby...

...that hadn’t been locked down yet.

So I walked through. Nodding to folks as I passed.

Went into the office area of the warehouse & looked around. Made sure folks saw me. Became part of the busy flow.

Found the server room. Door propped open. Room crowded with network field techs finishing their cabling. Camera folks setting up the management console.

All of the servers had their IP addresses printed out on labels.

The security camera management console had each IP camera’s IP address on display.

Firewall appliances, vuln scanner appliances, security appliances, all labeled neatly.

Lot of little devices on the wall and in the racks plugged in.

I had a couple Raspberry Pi dropboxes in those black official cases.

I took them out. Plugged them in. Left.

Walked around the place. Looking at the newly constructed cubicle farms.

Seats freshly installed.

Plastic, boxes, styrofoam on the floor.

Found the hot ethernet jacks to the side and plugged in some more RPi dropboxes.

Folks just thought I was an installation tech.

Left the site and checked my listeners. The RPi’s had connected.

I had complete access to that location, of course.

But I also had internal access to the WAN. To the central corporate network in another city.

A flat network.

^^^ <End of Thread> ^^^

I breached a company through a newly constructed branch location.

I slipped in in that short moment between them implementing the network and them implementing the security to protect that network.

@tinker ballardian chronicles of pentesting: when the demise of capitalism intertwines with cyber-security

@tinker Woah, that's really cool! (Also, great job!)