whonose123 @whonose123@infosec.exchange

^^^ <End of Thread> ^^^

I breached a company through a newly constructed branch location.

I slipped in in that short moment between them implementing the network and them implementing the security to protect that network.

#pentest #hacking #infosec #breakin #livetoot

Walked around the place. Looking at the newly constructed cubical farms.

Seats freshly installed.

Plastic, boxes, styrofoam on the floor.

Found the hot ethernet jacks to the side and plugged in some more RPi dropboxes.

Folks just thought I was an installation tech.

Left the site and checked my listeners. The RPi’s had connected.

I had complete access to that location, of course.

But I also had internal access to the WAN. To the central corporate network in another city.

A flat network.

All of the servers had their IP addresses printed out on labels.

The security camera management console had each IP camera’s IP address on display.

Firewall appliances, vuln scanner appliances, security appliances, all labeled neatly.

Lot of little devices on the wall and in the racks plugged in.

I had a couple Raspberry Pi dropboxes in thise black official cases.

I took them out. Plugged them in. Left.

Got out of my car & walked up to the main lobby. A lot of folks coming and going.

It had a badge reader, man trap, and locked down lobby...

...that hadn’t been locked down yet.

So I walked through. Nodding to folks as I passed.

Went into the office area of the warehouse & looked around. Made sure folks saw me. Became part of the busy flow.

Found the server room. Door propped open. Room crowded with network field techs finishing their cabling. Camera folks setting up the management console.

New warehouse just finishing construction. A lot of different people there. Electricians, network field techs, physical security engineers, etc.

Drove up to the parking lot to see all manner of different companies and installation techs, coming and going.

While driving up to the site, I noticed the place surrounded by high fences, barbed wire, lots of cameras. It had good coverage. Didn’t see a dead zone.

When this place becomes fully operational, it’s going to be a tough nut to crack.

So I recently completed a physical pentest. Was going to live toot it.

But it happened a little too quickly.

Went to case the joint; conduct some active recon.

And then just sort of breached the place while I was there...

#pentest #hacking #infosec #breakin #livetoot

@ScottMortimer @jackiebailz
It is. I have it running on the first gen rPI since last weekend. Runs great for a small home network. But piping an installation script into bash should be banned. It's a good reason for punishment

@ScottMortimer
im curious about your experience running it on a rPi 1, i've got one laying around myself

Very good writeup on the #Lundgren v #Microsoft issue.

Goes into detail why the ruling is grossly off.

https://techcrunch.com/2018/04/25/how-microsoft-helped-imprison-a-man-for-counterfeiting-software-it-gives-away-for-free/

iVerge is at it again. They are to Apple what Fox News is to Trump.

https://www.theverge.com/2018/4/13/17233122/android-software-patch-trust-problem

https://video.hispagatos.org/videos/watch/df2048e8-ff2f-47f0-b07e-325e4226ebc9 Another sedicion - Anarchist hackers - Submedia.TV #hispagatos #FuckTheSystem #HackTheSystem a(A)a

https://infosec.exchange/media/EVN-UIYuoj7mFo6dsAY https://infosec.exchange/media/VCWiw_GdZvWEx4BroUo