It Shouldn’t Be This Easy to Break Into a Utility Company

Sharing is Caring!

A physical penetration tester tells us a tale of breaking and entering, stealing sensitive documents, hacking PCs, and the power of wearing a hard hat.

Pen Test, Part 3: Jumping a Fence and Donning a Disguise

I was once part of a Red Team of three tasked with testing an energy company with three locations in three different cities. My assigned location was surrounded by an 8-foot barbed-wire fence to guard most of its service and Cat heavy equipment vehicles.

I started by driving by the site on the first day of testing, watching people arrive for work and leave to get an idea of what sort of activity this location had. I went to dinner, and when I came back around 9 p.m., I realized there was a business next door that allowed for cover after hours. I decided to jump the fence and walk around the property in the shadows as much as I could. My goal was to avoid getting picked up by any cameras and getting caught.

See also  Company with ties to the CIA behind Pokemon Go now brags about having built a "3D map built from people scanning interesting locations in our games"
See also  Congress pushes to break up insurance monopolies after CEO's murder.

https://www.rapid7.com/blog/post/2018/09/18/this-one-time-on-a-pen-test-part-3-how-i-stole-an-energy-company/

AC