💬 True story... The risks pentesters face when trying to hack your company. Part 1.
• There have been no interesting stories from the lives of pentesters and social engineers for a long time, and to be honest, I missed this category. Today we will add another fascinating story to our list. Enjoy reading.
• This is the story of two pentesters, Gary and Justin, and how one security audit turned out for them. The pentesters hacked the entrance to the premises and the IT infrastructure of the court, and just a few hours later they were back there, but as defendants:
• A week was allotted for the new project, and the pentesters had almost full carte blanche. They could do anything: use lockpicks, break in through the back door, dig through dumpsters, plug in flash drives. The only thing they were forbidden to do was turn off the alarm system.
• The testers' obligations were spelled out on 28 pages. Their insurance in case of arrest was a list of people: employees of the Iowa judicial system who were privy to the process and could prove that the pentesters were not criminals.
• The first day of the week-long project passed without incident. The pentesters entered the building at night and photographed the signs of security problems they found. They left their business card on the customer's desk as proof that they had gotten inside, and informed him of all their findings.
• The next call was on Tuesday, and breaking through the doors to the floors where court sessions were held was scheduled for that night. The first door yielded easily, but the second caused problems: it had a hidden protective mechanism that the pentesters had not seen. Along the way they also came across a room with the monitors for all the security cameras, and they were able to get into it. On the cameras they saw a security officer making rounds of the corridors. To avoid being noticed, the pentesters took shelter in the "blind spots" and then continued the tests. But not for long: the alarm sounded. It turned out that the floor doors they had passed through had been left propped open. Even though the alarm had gone off, the pentesters completed their tasks for that night, and later recalled with laughter how they hid from security in a pile of things.
• There was still time, so they went on to test another courthouse. When they were about to enter, it turned out that its door was open. They pushed it, but the alarm didn't go off. After several attempts to trigger the alarm, they decided to close the door so that they could break in as their task required. As soon as they started to open it, they heard a warning signal, followed by a real alarm. It happened so fast that there was no time to enter the security code to stop the alarm. It was blaring so loudly that the whole town could hear. The pentesters could only wait for the police...