Spain
Portugal
💬 true story from Group IB... False alarm.
• Today I found for you another and interesting story from Group IB, accepted reading:
• On one of the projects, it was not possible to get into the office of a company that occupied all the floors in the business center from the third to the last. There was a bank on the second floor, through which we tried to get a temporary pass to the building, but it didn't work out. After studying the floor plans of the building and talking with the staff, as well as making a preliminary live reconnaissance, we identified two vectors of penetration into the building: through the main entrance and through the fire exit.
• Entry through the main entrance was complicated by extremely vigilant security. As a scenario, we came up with an actor's scene about an attack of diabetes, in which one of the performers squeezes between the wall and the turnstiles to the elevators, while the second distracts the attention of the guards.
• Another scenario was penetration through the fire exit, which was located at the back of the building along with a freight elevator leading to the desired floor.
• It was winter time, the performers arrived at the place at about 9 pm, the frost was creaking outside. First we decided to check the back door and find out the situation around. When approaching the building, they found that the door was open, but it was being watched by a guard on patrol. From the conversations of the guards, it became clear that some kind of emergency situation had occurred and the door simply did not close with an electromagnetic lock.
• Suddenly there was a lull: the patrol went to bask in their lodge and stopped walking around the door for a couple of minutes. A great opportunity to warm up in the customer's office! In the blink of an eye, the performers were inside the corridor leading to the elevator and stairs, but already in the elevator they realized that it was not working, and the time spent checking it turned out to be fatal: when the performers ran to the stairs from the elevator, one of the guards noticed them.
• As we wrote earlier, it is extremely important to be able to pretend to be a fool in any situation in time or to play the right role, keeping calm: when communicating with the guards, a trembling voice has not helped anyone yet.
• Security guard: What are we doing here?
• Performers: We're going to the insurance company. Should we go through this door?
• The insurance company's office was a little further away, and we pretended as if we thought that the door led right into it.
• The guard squinted, but apparently believed in this legend and said that the place he was looking for was further away and was no longer working, since the time was late.
• After an unsuccessful attempt, we decided to return in half an hour. The emergency situation persisted by that time, and the door was still wide open. But this time, none of the guards were around. One of the performers ran through the door and immediately headed for the stairs. It was very noisy there: judging by the sound, forced ventilation was actively working, and the magnetic locks were open. And then we realized: a fire alarm went off in the building or a fire alarm is being checked — that's why the front door didn't close. It should be noted right away that none of our specialists pressed the cherished button (next time we will definitely offer the customer a similar scenario) — it turned out to be just a happy accident for us.
• Our employee got to the right floor. By that time, everyone had already gone home, and there was no light on anywhere on the floor. It was not difficult to get into the office premises through the fire exit: both locks are electromagnetic, and all ACS were disabled due to a fire alarm. Then the performer approached the workplace of one of the employees and installed a device for the “man-in-the-middle" attack. After that, the pentester easily left the business center. The operation was deemed successful.
