illithid0 2 days ago [-]
From one red teamer to another, glad your first assessment went so well and you had a great time. My first physical pentest made me want to never sit in front of a terminal again.
People, as we like to say, are not paid enough to care. At-will employment, company-sponsored healthcare, etc. have employees so focused on their own wellbeing that protecting "the company" is the last thing on their minds, and I can't really blame them. That lady who you barged in on may very well have just been used to micromanaging jerks doing it to her all the time, so she has to seem busy.
Physical security, in my experience, comes down to giving people something to protect which actually benefits them to protect. All the technical controls in the building can fail and one person with enough skin in the game can kill an intrusion attempt in seconds.
sillysaurusx 2 days ago [-]
I want to hear about your first assessment please! (Former pentester here. I never got to do a physical red team but always daydreamed about it.)
illithid0 1 days ago [-]
My first assessment was honestly as anticlimactic as OP's.
We had to break into a particular unit of a multi-tenant office building. The client wanted us to focus on social engineering, but if we were able to do that, to move on to testing if anyone would see it as suspicious if someone was messing with doors and stuff.
So my partner walked up to the reception desk with a toolbox and a clipboard, claiming to be there for an off-schedule inspection of the elevator fire suppression system. Signed the guestbook with no formal verification, walked into the office area, and sat down to plug his laptop into an ethernet drop.
Meanwhile, after he texted me to let me know he was in, I took the stairs up to a door that led into the back of the target unit and just had to use a traveler's hook to pull the door latch open. No guard plates or anything in the way.
Then I walked around in my business casual outfit until I found what looked like an IT closet, waited for a time when no one was in the hall with me, and used an under-the-door tool to pop it open. All their network equipment was in there along with spare laptops and an unlocked IT admin machine on a desk.
:)
Animats 1 days ago [-]
Only the military, and some banks, really take physical security seriously.
Someone tried to crash through the main gate at the Camp Pendleton Marine Corps Base two years ago. It did not end well for them.[1]
Attempt to crash the gate at CIA HQ last year. Drunk driver shot.[2]
Attempt to crash the gate at NSA HQ a few years ago. Two drugged-out "men dressed in women's clothing". Hit barrier, tried to turn around and escape, blocked by guard vehicle. One killed, one injured, one guard injured.[3]
There was a story, I think back in the '60s or '70s, about some cantankerous old 1-star general who used to personally conduct unscheduled inspections. One day he requisitioned a deuce-and-a-half (one of those Army trucks with two axles in the back and a green canvas covering for the bed, like you've seen in the movies) and just crashes it right through the front gate at some base.
The private who was manning the guard post at the gate came running along behind, probably worried that somebody had been hurt in the crash. The general hops out of the cab and unloads on the poor kid with both barrels of choice insults about the private's parentage, IQ, social standing and hygiene, finishing it off with "and why the hell didn't you shoot me?!"
According to legend, that was what the private was punished for -- dereliction of duty, failing to shoot the threat to base security.
(Obviously, this story is most likely complete BS.)
Animats 23 hours ago [-]
Probably.
Most US military installations, since 9/11, have a remotely raiseable crash barrier some distance past the checkpoint. Standard procedure is to hit the button to raise that if anybody doesn't stop at the checkpoint. This solves the "do I shoot, or not" problem.
Then guards can go after the vehicle.
This is a normal part of military life now. "“When you see a car hit the barriers it’s an intense moment because you think you might get in trouble,” the anonymous airman said. “But the overall feeling would still be ‘crap that’s even more paperwork.’”"[1]
The version I heard was a general trying to access a nuclear area, with the private having shoot-on-sight orders.
i_think_so 21 hours ago [-]
I wonder if perhaps that's the kernel of truth that started the legend. I can certainly imagine that kind of attitude during the Cold War, particularly since in many sectors attitudes were quite different from today.
nathan_douglas 1 days ago [-]
Great stuff. I love that there's this kind of modern noir tone to the writing.
> I wanted to try and see if we could bypass the door entirely, and that’s where the canned air comes in. If you turn a can of compressed air upside down, it starts “boiling off cold gases.” These are not harmful in open spaces, and their temperature is well below freezing point even when gaseous. This can trigger a sensor that checks for temperature increases: First it sees a drop to -50C, thinks “Baby, it’s cold outside.” Then, the temperature starts rising again, and the sensor thinks “Oh, temperature going up?! Must be a human!” and opens the door. If this works, I will update my Mastodon. If it doesn’t, well I can still walk in after someone, so it’s a finding nonetheless.
Many moons ago I worked a job that involved physical on-premise installations of different equipment. That’s when I learned that for access all that’s needed is often a toolbox, an attitude that you belong there, and a friendly hi to the security guy if you stumble upon one. Not always (and then you actually being authorised helps), but often enough.
rationalist 1 days ago [-]
Hardhat, ladder, and a safety vest.
People will even hold open the door for you since your hands are full with the ladder.
There's a subreddit dedicated to this.
simlevesque 2 days ago [-]
I love pentesting stories. Great blog post, I was smiling while reading most of it.
Anybody else feel a strong urge to copyedit that post?
I make as many typos as the next dog, but really. Don't kids today have the Internets to proofread their datas?
rfw300 1 days ago [-]
I did, and yet I also felt more relaxed reading it than I am reading most blog entries posted on here. I didn't feel like I had to guard against my time being wasted by vacuous LLM fiction.
Cyphase 1 days ago [-]
Sadly it's not hard for people who want to create inauthentic text content to prompt and process away a lot of the low-hanging signs.
i_think_so 21 hours ago [-]
And, sadly, that is indistinguishable (to me, at least) from a human genuinely availing themself of LLM assistance to rough out a draft, then making an honest effort to personalize the text with their own effort and insight.
crowfunder 1 days ago [-]
This post was so engaging to read, it felt like the best war-story you'd randomly hear in the break room. Gotta check out the rest of OP's posts.
totallygeeky 1 days ago [-]
Pentesting seems like a hoot, love to see these stories!
[1] https://www.youtube.com/watch?v=RPQPKnNj8wM
[2] https://www.nytimes.com/2025/05/22/us/shooting-cia-headquart...
[3] https://www.youtube.com/watch?v=K49x05eOowo
[1] https://taskandpurpose.com/news/air-force-security-forces-ba...
I enjoyed it a lot.
https://web.archive.org/web/20181118010006/https://threader....
https://news.ycombinator.com/item?id=18475438
It reminded me of Deviant Ollam's stories such as his elevator security talk w/ Howard Payne: https://www.youtube.com/watch?v=oHf1vD5_b5I