This One Time on a Pen Test: “Let Me Get That for You”

Each year, Rapid7 penetration testers complete hundreds of internally and externally based penetration testing service engagements. This post is part of an ongoing series featuring testimonials of what goes on beneath the hoodie. For more insights, check out our 2019 Under the Hoodie report.


I was sent on location with another team member to perform a red team assessment. The client had told us on our pre-engagement call that no one had ever successfully gained physical access to their building. Challenge accepted.


When we arrived onsite, we found that the client owned three multi-level buildings in a campus of similar office buildings. Other companies shared the campus with our client. The buildings were arranged in such a way as to create a central courtyard, where an open-air cafe had been set up for workers to enjoy the outdoors.


Our recon identified that all doors into all three of our client’s buildings were protected by badge readers and that security guards roamed the campus looking for suspicious people and activity. We also saw that each entry had a surveillance camera overhead. We knew this wasn’t going to be as easy as other similar engagements had been, so we formulated a plan.


We had with us a HID badge cloner that our team had built for just such an occasion. It was designed to capture the RF signal from an ID badge from as far away as a few feet. We decided to use the cafe to sniff some ID badges. We each got a pastry or a cup of coffee and sat down in nearby armchairs to wait...
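Whatever the capture front end, what a prox badge cloner ends up holding is the card's Wiegand frame, and the most common HID Prox layout is the 26-bit H10301 format: a leading even-parity bit, an 8-bit facility code, a 16-bit card number and a trailing odd-parity bit. The following is an added example, not the team's cloner code or anything from the Rapid7 post, showing how such a frame is decoded and how the replay frame is rebuilt for a given credential; it assumes the badges were standard 26-bit cards (the post does not say which format was in use), and the frame bits used here are constructed for illustration, not captured from a real badge.

```python
"""Decode and encode 26-bit HID H10301 ("standard 26-bit") Wiegand frames.

Added example; not code from the post or from Rapid7's tooling.
Assumes the standard 26-bit layout (MSB first, bit index 0..25):
  bit 0      even parity over bits 1..12
  bits 1-8   facility code (8 bits)
  bits 9-24  card number (16 bits)
  bit 25     odd parity over bits 13..24
"""

from dataclasses import dataclass


@dataclass(frozen=True)
class Credential:
    facility_code: int
    card_number: int


class WiegandError(ValueError):
    """Raised when a frame is malformed or fails a parity check."""


def _parity(bits: str) -> int:
    """Return 1 if the number of '1' bits is odd, else 0."""
    return bits.count("1") % 2


def decode_h10301(frame: str) -> Credential:
    """Decode a 26-character string of '0'/'1' into facility code and card number.

    A frame that fails either parity check is rejected: a single flipped bit
    from a noisy long-range capture would otherwise yield a credential that
    looks valid but opens nothing.
    """
    if len(frame) != 26 or set(frame) - {"0", "1"}:
        raise WiegandError(f"expected 26 binary digits, got {frame!r}")
    # Leading parity: bit 0 plus bits 1..12 must contain an even number of ones.
    if _parity(frame[0:13]) != 0:
        raise WiegandError("even parity check failed on bits 0-12")
    # Trailing parity: bits 13..24 plus bit 25 must contain an odd number of ones.
    if _parity(frame[13:26]) != 1:
        raise WiegandError("odd parity check failed on bits 13-25")
    facility = int(frame[1:9], 2)
    card = int(frame[9:25], 2)
    return Credential(facility, card)


def encode_h10301(facility_code: int, card_number: int) -> str:
    """Build the 26-bit frame that would be written to a blank card or replayed."""
    if not 0 <= facility_code < 256 or not 0 <= card_number < 65536:
        raise ValueError("facility code must fit 8 bits, card number 16 bits")
    payload = f"{facility_code:08b}{card_number:016b}"  # 24 data bits
    even = _parity(payload[:12])       # makes bits 0..12 have even weight
    odd = 1 - _parity(payload[12:])    # makes bits 13..25 have odd weight
    return f"{even}{payload}{odd}"


if __name__ == "__main__":
    # Constructed sample frame (facility 42, card 12345), not a real capture.
    captured = "10010101000110000001110011"
    print(decode_h10301(captured))
    print(encode_h10301(42, 12345) == captured)
```

The same parity logic is what the reader at the door applies before it ever compares the facility code, so a cloner that validates frames at capture time can discard bad reads on the spot instead of discovering them at the badge reader under a camera.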
