Darknet Diaries - Ep 40: No Parking
Episode Date: June 11, 2019Take a ride with a red teamer. A physical penetration tester as he tries to make his away into unauthorized areas, steal sensitive documents, hack into the computers, and escape with company ...property.This episode was sponsored by CMD. Securing Linux systems is hard, let CMD help you with that. Visit https://cmd.com/dark to get a free demo.This episode was sponsored by Hostinger. Go to https://hostinger.com/darknet and use code DARKNET to get 15% off a hosting plan and check out this week’s free feature.For complete show notes and links go to darknetdiaries.com.
Transcript
Discussion (0)
When I was young, I used to like sneaking around places that I shouldn't have been in.
I liked getting in the back of house areas and performing theaters or casinos.
This one time I went to explore a mall where I lived, and I found a huge back hallway,
a corridor that connected all the back of the stores together.
It was such a big back hallway that a truck could drive through it.
It was fun to explore, and it was a major shortcut across the mall, so I'd duck down this corridor
from time to time, and every time I went down this back hallway, I saw signs hanging up everywhere
that said, J-D-L-R. I used to stop and read these, and try to figure out what it meant. J-D-L-R?
Just don't litter raisins? Junior dining living room? What does J-D-L-R mean?
One day my friend got a job at the mall, so I asked her, hey, what's J-D-L-R? She tells me,
it means just doesn't look right. Just doesn't look right? What does that mean? I asked.
She said it's a reminder to look out for anything out of the ordinary in the mall and report it to security.
JDLR was a security awareness campaign that the mall cops put up to report suspicious people like me sneaking through back hallways.
Huh.
But really, I wondered how effective this campaign was.
Suppose you were told to report something that was just JDLR.
Would you notice when someone came into your office or store who didn't belong?
Would you then care enough or be brave enough to do something about it?
How quickly could you even find the number to security?
This is a story about a guy who got caught sneaking into a building
because he just didn't look right.
JDLR.
These are true stories from the dark side of the internet.
I'm Jack Recider.
This is
Darknet Diaries. This episode is sponsored by Delete Me.
I know a bit too much about how scam callers work.
They'll use anything they can find about you online to try to get at your money.
And our personal information is all over the place online. Phone numbers, addresses, family members,
where you work, what kind of car you drive. It's endless and it's not a fair fight. But I realized
I don't need to be fighting this alone anymore. Now I use the help of Delete.me. Delete.me is a
subscription service that finds and removes personal information from hundreds of data
brokers' websites and continuously works to keep it off. Data brokers hate them because Delete.me makes
sure your personal profile is no longer theirs to sell. I tried it and they immediately got
busy scouring the internet for my name and gave me reports on what they found. And then
they got busy deleting things. It was great to have someone on my team when it comes to
my privacy. Take control of your data and keep your private life
private by signing up for Delete Me. Now at a special discount for Darknet Diaries listeners.
Today, get 20% off your Delete Me plan when you go to joindeleteme.com slash darknetdiaries and
use promo code darknet at checkout. The only way to get 20% off is to go to joindeleteme.com
slash darknetdiaries and enter code darknet at checkout. That's joindeleteme.com slash darknetdiaries and enter code darknet at checkout.
That's joindeleteme.com slash darknetdiaries
and use code darknet.
Support for this show comes from
Black Hills Information Security.
This is a company that does penetration testing,
incident response, and active monitoring
to help keep businesses secure.
I know a few people who work over there, and I can vouch they do very good work.
If you want to improve the security of your organization, give them a call. I'm sure they can help.
But the founder of the company, John Strand, is a teacher.
And he's made it a mission to make Black Hills Information Security world-class in security training.
You can learn things like penetration
testing, securing the cloud, breaching the cloud, digital forensics, and so much more. But get this,
the whole thing is pay what you can. Black Hills believes that great intro security classes do not
need to be expensive, and they are trying to break down barriers to get more people into the security
field. And if you decide to pay over $195, you get six months access to the MetaCTF Cyber Range, Thank you. training. That's BlackHillsInfosec.com. BlackHillsInfosec.com.
So let's start out with what do you want to be called or what's your name? What do you do?
My name is Kyle. Right now I'm on the red team at McKesson.
Ah, yes. Another red team story. The red team is the offensive team in a simulated attack.
In this case, Kyle's day job, or sometimes night job,
is to physically break into buildings to test their security
like a sophisticated criminal might do.
Oh, and I should give a warning here.
Kyle drops a few swear words while telling us the story,
so if you don't like swear words, you might want to skip this one.
This mission was to get access into a utilities company,
and I won't even say what kind of utility company this was.
So they were a very large conglomerate made up of a lot of companies.
When you're dealing with the utilities, whether it's electricity, gas, or water,
it's extremely important that these networks are secure.
Because something going wrong here can result in a massive disaster.
These services are such an integral part of our lives.
In fact, I've even heard stories that the National Guard sometimes will do penetration tests on utility companies to help keep them safe from attacks.
Now, there were only two people in the company who knew about this physical penetration test.
And it was the head of IT security and the head of physical security, which is the boss of the security guards.
So the point was to gain access to headquarters by way of anything we could do at any of the previous sites and then leading up to going to headquarters.
Okay, let's underline the objective here.
Basically, it's to get access into the headquarters of this utility company.
And then once there, get network level access and then see
how far you can get into the network once doing that. So for instance, if Kyle could break into
headquarters and get onto the network there and get to like network admin, that would be pretty
ideal for him. But in this objective, he's allowed to also test the security of other locations,
which might help him gain access to headquarters. That's interesting. So
immediately I'm thinking about what I might do to get into headquarters. Maybe I would need an
employee badge to get in and some passwords, or somehow hack the network to let me in. And maybe
a smaller, less secure location would allow me to get some of this stuff. So Kyle starts profiling
some of their other locations online to try to find an easy
target. I get on my browser and I just go to Facebook, I go to LinkedIn, I go to Twitter,
I look at the company pages, I find employees, I go to their individual pages. And between all of
that, you start to amass, obviously, a lot of very useful information about the surrounding areas,
the general temperament of the people who work there. You get a feel for how the company likes to present itself,
how many events they have, where you can blend in at.
You get the obvious things that everyone goes for, badge images,
camera angles, things like that, that you can see from Google Street View.
When we were looking around in the social media,
we started to notice that the companies that they owned in the Midwest had a lot more outdoors type events, right?
Like cookouts, barbecues, fun runs, like March for the Cures, whatever, all that stuff.
Whereas some of the bigger cities, their acquisitions there didn't have so many outdoors events, right?
Kyle decides to target locations in the Midwest part of the United States.
First, I decided that, well, okay, yeah, we're going to do Midwest, but there's a couple of
sites out there. Which one do we want to hit? There was one site specifically that was on
four kind of blocks within an industrial area. So we're talking, you know, a huge amount of space to cover. Obviously there's a lot of just supplies laying around in one big
lot, a lot of vehicles parked in another, you've got your corporate building on this lot, and then
you've got your little warehouse buildings over here. Well, more often than not, your target area
is going to seem like it should be the corporate building, but it rarely ever is important that you go there.
That small little garage where all the shop workers are who don't really care so much about making sure that that door wasn't left jammed open or that that truck was locked, that's where you
want to start because that's where you get your easy privilege escalation. So before we flew out
there, I marked that building, told everyone that's where we're going to meet up.
As Kyle starts making his way out to the Midwest, he now starts focusing on trying to figure out who works in that building.
By using LinkedIn and Facebook, he starts to get a list of people, drivers, managers, technicians.
And by having this list of names and roles, it can help him out if he needs to drop a name or try to lie his way into the building.
He also looks on Google Maps to try to get as much information as he can about this building. What's next door? What kind
of fencing do they have around it? Where are the doors to get in and out? We take Google Maps for
granted now, but 25 years ago, we really didn't have access to satellite photos of every place
on earth. And we definitely didn't have street view photos to get access to
stuff like this you had to be like a government spy but now everyone has this capability to freely
access satellite imagery of pretty much anywhere on the planet it's kind of crazy okay so kyle and
his co-workers fly out to this place they rent a car they get a hotel room and they wait for nightfall
thinking there'll be a lot less people at night, maybe nobody,
and they should be able to sneak in somehow, unchallenged.
So typically, right, like, you know, you want to dress for the part.
So we were dressed in darker clothes.
I had a black beanie on.
I'm a very pasty boy, so I stand out pretty hard when there's a little bit of light.
I had a black button down
shirt you know it was it wasn't super crazy tattoos hidden you know beanie can just be
swept off with short hair that i just freshly cut for the gig you know like it's i'm on the
i'm on the level as far as playing the part goes they get in their rental car and park next door
to the facility it was a weird house turned business in this weird industrial area and it
had a carport we just kind of slid in under there and it was a rental car. It wasn't anything super flashy. It
was like a Kia something. They knew the building had a chain link fence around it and started
walking around the outside of the fence looking for a way through. That's when they spotted a
part of the fence that they might be able to get under. So they tried. Rolled up underneath a
chain link fence
and we just kind of hung out
in between some trucks for a minute and got our bearings
on the situation.
From here they could look around
to understand the facility better.
There were a lot of trucks at this building.
Company trucks, like trucks
for workers to use to visit customers
to fix or install
lines.
A whole fleet of trucks were parked there for the night.
Kyle and his co-workers kept looking around for any people, cameras, guards, lights, alarms.
But it was quiet.
So we didn't see any guards, right?
There's not really a whole lot of camera coverage. We saw one camera on the back of the warehouse building we were going to go for.
It was fairly well lit, so that was kind of problematic. They mapped a path to the building,
finding a way to hide in the shadows and get close to the door of the building.
They had to take a long way around to avoid any cameras or lights. But eventually, they reached
the door of the building. It's like a typical warehouse building. There are loading bays and truck docks
and that kind of thing. But also there's a regular door for people to walk in and out of. It's late
at night and they've been watching the area and nobody is around. Take a little bit of time, come
around. We get to the warehouse building and suddenly, you know, we go to just pull on the
door and voila, it's just open, man. That like, there's no trick to it. It had an HID, you know, we go to just pull on the door and voila, it's just open, man.
That like there's no trick to it.
It had an HID, you know, reader like there was supposed to be a locking mechanism, but apparently it wasn't functioning.
We never really found out what happened there.
But that was a huge stroke of luck right off the bat.
OK, so as we hear Kyle's story, I'm going to point out a few things that I think this company should do to fix these problems. In this case, it was way too easy to get on the lot, and there should have been better cameras, and maybe a guard watching over the fleet of trucks, and of course they should
absolutely be locking the door to this place at night. Really, the door was completely unlocked
into a warehouse of a utility company? But this is why the company hired Kyle, to check these kind
of things. And this is why Kyle picked hired Kyle to check these kind of things. And this is
why Kyle picked this building thinking it might be easier for him to get into versus the maybe
the corporate offices. So we walked through the door. We're just in a shop. It doesn't seem like
much, but we do see there's some shop computers. So we know we've got network access there. And
then there's smaller buildings or structures that they build within these massive warehouses.
So they're kind of like a little office building within a warehouse on a lot, you know, kind of And there's smaller buildings or structures that they build within these massive warehouses.
So they're kind of like a little office building within a warehouse on a lot, you know, kind of thing.
Kyle thinks that might be a manager's office or something.
It might have extra documents or extra network access.
So he heads over to that door. There is a kind of a box of nails or screws jammed into the doorway into that office area.
So again, like, thank you very much.
Open the door right up and in we go.
Okay, next tip.
If you have an office that has any kind of sensitive documents in it, lock it up at night.
So Kyle and his co-workers are now taking cover in this office.
And it's a good place to hide out and look around.
They can hear if someone's opening the door to the warehouse or if someone's coming, and they can keep watch from here.
So Kyle takes his backpack off and pulls out a Dropbox.
A Dropbox is just a computer, but it's like a small, portable, self-contained computer.
And you can plug it into the network and leave it behind if you have to. It was a cell phone with a full battery and mobile hotspot enabled,
attached to a Raspberry Pi,
attached to a wireless card connected to that mobile hotspot,
connected to a battery pack, all duct taped together,
plugged into the network.
So we bypassed the firewall, right?
Like there's no traversing out.
You plug in, it's out.
Hacky as shit.
Dumbest thing I've ever done by far, technically speaking.
But it did the job really, really well.
Kyle plugged it into the network in this little office
and texted the co-worker who's on the other side of the country
who's been waiting for this moment.
The other person is a penetration tester,
and he checks the connection.
The way this particular Dropbox works is like this. This is a Raspberry Pi, and it's like a tiny little Linux computer.
It's about the size of a pack of cards. It has two network connections. One is this cell phone
that it's connected to, and the other is the network in this office. When it's plugged in,
it turns on the cell signal and tries to connect back to that pen tester on the other side of the
country. This basically gives him access to this computer,
as if he's sitting right there in the office with these two.
But now that Kyle has plugged this thing into the network,
he tells the pen tester, it's in.
And the pen tester now quickly gets busy
trying to figure out his way in and around this network.
He's checking to see what kind of traffic he sees,
what kind of VLAN he's on, what servers they're talking to.
And he goes from there
and he gets busy trying to find anything he can in this network.
Man, this is such an effective technique. I just want to underline this a little bit, right? Like
you walk in the building, you stick this computer in their network, basically, that allows your
other red teamer to connect into it, which just basically gives them access into this network.
And then from there, they're aggressively, I mean, they're probably a very skilled person who knows how to like heat sink straight to the goods of this place.
Right. And so they're aggressively trying to get things as you're also in the building at the same time, like within minutes, they're probably already very successful. Yeah. I mean, more often than not, honestly, I'll just be going through filing cabinets or
throwing a few million dollars of competitive intel in my backpack and I'll get a text message,
yo, got DA. I just put it down five minutes ago, right? That's absolutely correct.
Got the A?
DA, domain admin.
Oh, domain admin? Within a few minutes of walking into this building, the team has full administrator abilities in this network.
They can now see any files on any drives in this location,
and they can read emails for anyone who works in that building.
They pretty much have access to anything in this network.
Amazing.
So I should point out that even though I don't know how he got DA,
domain admin,
there are probably a few security holes in this network that need to be patched.
But besides that, this company might want to enable.1x or NAC or some kind of way that
would prevent a computer to just plug into the network and be right on the network.
And what.1x or NAC will do is require the computer to authenticate before getting access
to the network.
So that would prevent someone like Kyle to just walk in and plug their own computer in it. See, the goal with security isn't to make everything
perfectly secure, but it should exhaust the attacker's resources. Imagine if every port was
locked down in this warehouse. Kyle would have to go around trying every port he saw to see if that
one was open and would allow him on the network. And this might have taken him a long time for it to happen. And maybe during that time, a guard would come by or another
employee would come by and they would catch these hackers in the act. So sometimes you just need to
slow down the hackers as best you can. But in this case, nothing was slowing them down at all.
I'm wondering like how hard your heart is th dumping at this point. Like, are you like
seriously looking over your shoulder a lot? Are you super nervous? Not me, man. And I don't think
my friend was either, which is why he did a lot of physicals with me. I honestly have never really
been a nervous person. It takes a lot to get me going. I just see it as I'm there to do a job and
it's going to get done. So I already know that.
What's to worry?
Kyle keeps snooping around the office and grabs all kinds of documents and files and shoving all this into his backpack.
Yeah, yeah.
So we got some competitive intel, which was something they were concerned about, right?
I mean, it's not just for competitive purposes.
It can also be for, you know, more malicious or, you malicious or national security related.
How do you know where to look?
So you're actually opening filing cabinets looking for anything that would be of value, right?
Yeah.
And if there's not filing cabinets, more often than not, I think you would be surprised to find that there's a lot of really good information just rolled up sitting in boxes right in front of you when you walk through the right door. It's really a lot of times just a bunch of plans when
you go into these sort of companies that you're really after, at least me, because I look at it
like, you know, I can take a lot of this data and sell it to your competitors. I could take this
data and I could sell it to, you know, enemies of the state. I could take this data and I could use
it to leverage it for attacks against all of these state i could take this data and i could use it to leverage it
for attacks against all of these other buildings or all of these other locations so whether it's
gas electricity um you know anything like that if if there's diagrams and data to be had i want it
i want it bad we did also take um some reflective gear with company branding we took some company cell phones
that we saw in bags that were obviously stored you know not in use actively you know we grabbed
a couple of things like that some lanyards right like this is the sort of stuff you do when you do
these multi-facility things that you snowball the gear is what I like to call it. You just kind of snowball the loot and by the time you get to the most important target
there's no way you can fail. You have everything you could possibly need for any situation.
They even went back and grabbed their Dropbox because at this point they had so much access
and lots of documents that they might as well take it with them to the next location and go
with a running start next time. This looks like a job well done. They got everything they came for and it's time to bug out. It was successful. We decided
to bug out. We took the hardware with us. Kyle takes a look at the objectives that the client
wanted him to do. Get physical access into the building. Check. Get network access. Check. Get
domain administrator access. Check. Get competitive intel. Check. find any spare keys to doors or trucks that you can take
check but there was one more thing on the list they wanted us to steal as many trucks as we
could off the lot we took like a lot of like f-350s filled with tools and trailers on them
with like backhoes and bobcats and all kinds of shit dude um and we were instructed to park them
down the street in a big
parking lot and then just leave the keys somewhere inside of the building so that once you know they
found the keys they could go get the trucks but they wanted to see what the employees would do
if they came in the next day and all their vehicles were gone unfortunately i'm not capable
of driving a semi or we would have made out with a lot more. So how many did you move?
I think 12 or 13, man.
We took a lot of trucks, and they were all full of shit. All of them.
Do I even have to explain the mistakes made here?
First, lock up the keys to the fleet of your trucks,
and don't leave whatever key you locked it up with just lying around for someone to find.
Second, there are no guards or anyone watching the cameras at this place. At least
someone should be monitoring the gates when they're opening and closing and look at the camera to see
what's going on, right? Kyle and his co-worker had a successful night and they acquired a lot of stuff
but they weren't really feeling ready to go to headquarters yet. They wanted to hit up a few more
locations to what Kyle says snowball the gear. They wanted more stuff and more access
before taking on a big building. The next day, they called the head of security to give them a
report on how it went that day. Security was shocked, but wanted to see if they could take
it a step further, like really teach that location a lesson. They had us go back the next day in
broad daylight, get into a truck because we had uniforms.
Right. So no one's going to stop us.
We had the key because we'd stolen it from the building.
They wanted us to go in broad daylight, put the key in the ignition, start the truck and try and drive off the lot.
That worked. And then I called them.
I was like, what do you want me to do now?
I'm just sitting in front of your building in one of your trucks, fully dressed up and no one's really doing anything.
Even though we just stole all your shit last night what do you want me to do now like well fuck it just drive it to the headquarters so i drove it all the way to
that particular company's headquarters which was about an hour away and then i parked it in the
parking lot and i was uh i was instructed to leave the keys inside and they were going to tell the
security guard there to go check it out. I don't know what the plan was there, but I did my part
and then I got picked up and that was that. So the next objective is to do a similar thing at
a different location, but this would be the headquarters of one of their larger acquisitions.
This building is in a totally different city and
state and they do a lot of passive reconnaissance like looking on social media to see if anyone
posted pictures of what the badges look like so that they could maybe make a duplicate and they
also look at what Google Maps has to offer. This location was kind of more in a downtown type area
this wasn't the same as the the previous So this was in a more business region than the
other. I would say that equally dead at night though, this was no exception in terms of the
Midwest lifestyle. It was downtown, but once nine o'clock hit, there was nobody on the streets.
So we checked it out during the day. We wanted to see what the foot traffic was like and it actually was surprisingly high for such a small
area um being that it was downtown we decided that we would try to walk around inside see if
security questioned us no one said anything we made it to the elevator, saw that there were badges and just kind of kept walking along. Then we left the building, went out, saw there was a massive
parking garage that was attached to the building and kind of wrapped around. So we figured that
could mean there are external doors into the parking garage from, if not our client's offices,
someone else's offices, which will be good enough. So we wait until night,
because that's just, I guess, what we like to do.
This building isn't a warehouse. It's a seven-story office building.
And this utility company only occupies one floor of the building.
This office building essentially took up an entire city block, including the parking garage.
Okay, so this isn't the headquarters of the company.
It's the headquarters of a company they acquired.
So it was a big place.
We wait until nighttime.
We parked just down the street.
There seemed to be a couple of homeless guys that kind of like wandered up and down the street regularly in this spot.
So we just kind of wore like ratty clothes, messed up our hair a little bit.
I threw a dress shirt in my backpack, for example, and threw on like aty clothes messed up our hair a little bit um i threw a
dress shirt in my backpack for example and threw on like a t-shirt that i ripped a hole in you know
we just kind of walked down the street in these clothes and the security guards would kind of walk
around inside the building and look at the street periodically you know and see these people walking
about as soon as we noticed you know he turns around he people walking about. As soon as we noticed, you know, he turns around, he walks away.
We dart into the parking garage.
And meanwhile, there's a homeless guy screaming at us as we're doing it.
And I'm pretty sure that he started to like come after us,
but the security guard came outside and started yelling at him and he stopped.
We didn't go back to like double check,
but we're pretty sure that's what happened. And we were trying not to crack up.
But we started, you know, kind of walking up the ramp
into the parking garage.
We saw stairwell doors and we thought,
well, you know, it might only get us to the roof,
but it might also let us into an office.
Now, sometimes big buildings like this in downtown
with parking garages have a stairwell
that leads you right into the building. So Kyle and his coworker go into the stairwell and take
a look. Once they get in the stairwell, they see another door that's attached to the office
building, like an emergency exit to come out of the office. So we kind of start walking up and
down the stairs. We're like, well, it's not exactly a fucking company directory on the wall inside the
stairwell, is there? So we really don't know which floor is which, and we don't know which
floor we're on. Let's just start guessing. They find that in the stairwell are two doors on each
level. One leads to the parking garage, and the other leads into the office building. They try
pulling on the office building door, but it's locked. So they go up a flight and pull on that
door, but it's locked. They go up another flight,
locked. They go up another flight and try the door. This one opens. It's just totally unlocked
and leads them right into the office building. Got an open door. Cool. We walk out. We see a hallway.
The hallway is like a common area. It's not any particular office. It's like the
same hallway you'd be in if you just took an elevator up to that floor. As they walk down
the hallway, they see doors to different offices. There were a lot of different companies in this
building. We see a couple of doors. We see some HID badge readers on these doors. We don't know
who they belong to because they're not marked. We decide not to fuck with them just yet. And we decided to walk over to the elevator.
We get into the elevator.
We see the badge reader.
We think, shit, we can only go down to the lobby.
So far, so good.
They're in the building, bypassing the security guards
who were there to make sure nobody got in the building
late at night like this.
But the badge reader on the elevator means that
in order to get to certain floors,
they need to scan the RFID badge to get to those floors.
But still, they have no idea what floor their client is on.
They didn't do enough passive reconnaissance.
And there's no directory anywhere, not in this elevator or nothing.
So they're both standing in the elevator trying to figure out what to do.
So we had one option, right?
Press 1, go to lobby, walk out, look like idiots.
That's our option one.
Not going to do that.
So the other option is to sit there
and wait for someone to call an elevator to a floor.
Could be a security guard,
so we got to be ready to look normal
like this was a coincidence.
But it could also be someone
just manning the phones at night or some shit.
That's the safer option.
And while we're doing that, might as well throw or some shit. That's like the safer option.
And while we're doing that, might as well throw option three in there and brute force the fucking buttons.
One by one, they start pushing floors in the elevator.
They push the button for the top floor.
The elevator didn't move.
Rats, need the badge to get there.
And they push the button to the next floor.
Elevator didn't move either.
The number didn't even light up. They tried another floor. Nothing. Then they tried the next floor. The elevator didn't move either. The number didn't even light up.
They tried another floor. Nothing.
Then they tried the next floor
and boom! All of a sudden,
the elevator started moving.
We didn't know though. We didn't know why.
We just knew that it was moving.
Was it because we pressed a button? Did someone call it?
Are we going down to the lobby because we tried too many times?
So there was a moment of confusion
and we just kind of looked at each other like, uh. But then the doors open and we see the company logo and we
see the desk and we see the doors and we're like, bing. When the doors open, they saw the company
logo for the place they were trying to break into. The one floor that didn't require a badge to
access was the exact floor they needed to get on. What another stroke of luck. So as you
come out of the elevator, there's a reception desk and then two closed doors after that, which leads
into the office. We check the doors. Oh darn, they're locked. Right? So we look over at the
receptionist desk, a couple of drawers. There's a lock box on top of the desk. How much do you want
to bet that the key for that lock box is underneath your keyboard or in one of those drawers?
That was a correct guess.
We found the key to the lockbox inside of the first drawer that we checked.
And inside of the lockbox were guest badges.
Guest badges that were not deactivated when they were not in use.
After rooting around the reception desk, they found badges that let them in the door.
This kind of reminds me of many video games I've played.
But there's another tip.
Don't leave the keys under your keyboard or in drawers in areas like this.
Because now the team is in.
Rinse, lather, repeat essentially from the previous site.
Once we were inside, the objective was to find as much, you know, information openly accessible as possible, see if you could get on the network.
A good place to always lay low for a while is the bathroom.
So the two head into the bathroom, change their clothes, and sort out their plan.
I was in the bathroom with my colleague.
We were trying to figure out where we were going to put the Dropbox.
And we said, well, we didn't get into the server room at the last site.
Let's see if we can get into the server room at this site. It's got to be on this floor. This is their only
floor, right? So we know it's here. There's at least an IDF something. So we're walking out of
the bathroom. And as soon as we walk out of the bathroom door, there's the security guard
and he jumps and we jump and we all go, ah, I go, holy shit. You scared me, man. And he jumps. And we jump. And we all go, ah! And I go, holy shit, you scared me, man. And he goes, you scared me. Are you guys okay? Are you guys working late? And we're like, yeah, man, Jesus. You gotta let people know when you're coming. You gotta put a bell on you or something. We all laugh. We part ways. Security ran into them, but because they dressed like they belonged and were already in the office, the guard didn't question them.
This is a bit odd. The guard failed here.
He should have stopped them and asked them more questions, but instead he just walked off.
And then we continue walking around the building, as I said earlier, collecting stuff, taking pictures, flipping keyboards.
And then we walk by a door, we hear humming. You know the humming.
Something on the other side of the door was making a loud whirring sound.
There was no windows in this room, so the team couldn't tell exactly what was in there.
But when you work in IT long enough, this whirring sound is something that you will instantly recognize as the fans of a server rack.
The team had scoured the whole floor at this point and didn't find the server rack anywhere either. So they knew for sure that this had to be the room
with all the computers, but the door to it is guaranteed to be locked. With no windows, how do
you get in? You look up and see there's a drop ceiling. And this is the typical office type
ceilings that have panels that can be pushed up and there's like a space above the panels.
There's a broom in a janitor's closet just down the hall.
We grab that.
We poke it up into the ceiling and we see that there is no wall extending over.
Right.
So easy enough.
I just held out my hands and said, boost up, bro.
So up he went, no question.
And then he slid the other tile out of the way, dropped down on the other side.
And all I hear is, I'm good. He plugs it in and finds a way back over, slides the tile back into place. And that was that.
Okay. So where's the security failure here? This is a server room of the headquarters of a utility company that got acquired by this larger utility company.
The server room of a place like this should be treated as a very secure room.
It should have a security camera monitoring the outside of the door, the inside of the door, inside the server room too.
And definitely a very securely locked door that probably should be logged when it's opened or closed, and maybe even some pressure sensitive plates to know if something
heavy has come in or out of the room. When constructing the server room like this, you
should extend the walls up into the drop ceiling to stop people from just going through the ceiling
to get in. I've heard this done many times before, and a few 2x4s and some plywood would certainly
slow these people
down and especially if you have guards wandering around the floors if they heard sawing and
hammering going on in the ceiling they'd probably come check it out yeah there was a moment of of
giggling there too there's like there's no way that there's just not a wall right like that's
but that's the thing with these multi-tenant facilities is a lot of times you don't have
the the leeway clearance pull whatever it is you need to get shit done in that building because you're too new there or the other tenants don't like your company, whatever political reasons there could be.
But a lot of times you are barred from being able to make those kinds of very important changes to the structure of the building.
They didn't want to come out through the server room door
because that might trigger some kind of log or event.
So they left the Dropbox in there,
came out through the ceiling, putting everything back.
They get their pen tester to then get into the device
and start attacking the network from that Dropbox,
which is in the server rack.
We also went around and tried to see
what other sorts of findings we could generate from this site for the client.
Things like, you know, are the shred bins unlocked?
Because that's a fairly common mistake.
The data that needs to be, you know, gotten rid of is supposed to be locked up.
And a lot of times it's either so full you can just grab the shit out with a picker or you can use your hands or it's just unlocked.
They got everything they needed from this location and they're ready to leave.
They knew that if they just went down the elevator through the front doors past security,
that might raise some suspicion.
So they came up with a plan.
We decided we didn't really have much of a choice.
We had to get all dressed up in stuff that we found around the office.
Hard hats, reflective gears.
We got a bunch of those, you know, big cardboard
roll-up storage things so that we could put a bunch of stolen goods in there. We had files.
We had a couple of tough books that we wanted to take with us to a SCADA site. We had some
truck keys, you know, we had about everything you could need to be an employee of this company.
And we decided to just walk out the front door in front of the guards.
When they walked past the guards,
the guards spoke up.
He was like, oh, you got a hard hat on.
You're going to be working hard.
Yeah, they were totally chill with it.
They didn't even suspect a thing,
which I thought, again, was very, very odd considering that it was like three in the morning
and he had just seen us in normal street clothes outside of the bathroom upstairs.
It was very, it was very weird.
A very weird occurrence.
They walk out of the building, down the road, load their stuff up in the car and leave.
And I don't care who you are, that's got to give anyone an adrenaline rush.
Oh yeah, of course, man.
As soon as the car doors close,
that's generally when it's okay to kind of cut loose, right?
Like we're not on camera anymore.
There's no way a client could hear us.
There's no one, right?
Like we can be a little excited.
We can get a little cocky amongst ourselves.
We can have a good time
and get back to the hotel and party.
And, you know, if you've left the Dropbox there, honestly, that's kind of the other
half of the fun on physicals where I leave the Dropbox and then we go back to the hotel
and then you're just hacking all night, having fun with whoever's there with you or even
your buddies who are out traveling on other engagements over the wire because, you know,
you're just passing the shell around.
At this point, they have a lot of stuff from this company
to try to get them access into headquarters.
But they don't feel like they have enough yet.
They want to hit one more site to see what they can take from there.
So they go to another city in another state
to another office for this utility company.
And this is a smaller office than the last, much, much smaller.
This office is like in a medium-sized building, one story,
with other companies that are also in this office building.
This is definitely one we have to hit at night. There's no way we can do it during the day
because the office is so small that unless we have an airtight cover story,
they're going to know that we're not supposed to be there and they're going to want to know
who we are. Really small offices are just like that.
The team arrives at the building at night.
They see a few cars in the parking lot
and people coming and going from the front lobby.
They discovered that other companies in this building
have overnight workers, like a call center.
They go up to the front door and it's open.
They get into the building.
There are no guards since it's a small building
and the front door is always open
to let this overnight staff get in.
We didn't really do a whole lot of recon in this case because the building was pretty straightforward.
One level, you know, just a long hallway with some doors.
Cal and his buddy go down the long hallway looking for the utility company inside.
And they finally find the door.
It's a glass door and they can see inside.
It's dark. Nobody's in there.
They pull on the door, and they can see inside. It's dark. Nobody's in there. They pull on the
door, but it's locked. It was a glass door, and it was, you know, one of those hook handles,
and the lock was inside of that, so it wasn't a deadbolt, but it seemed industrial grade.
The team looks around. The hallway's empty. There's no security in the building, and nobody
seems to be around. So they pull out
some lock picks and begin trying to pick the lock. Kyle's okay at this, but his friend is much,
much better. So his friend kneels down and slowly tries to open the door. Now, I say slowly because
picking a lock is usually not a quick process. There are two basic tools, a rake and a tension
bar. The rake goes into the lock and
pushes the pin up, ideally to the same position to where the key would push them up to, and then
the tension bar is used to twist that lock open. On a tough lock, you can literally try it hundreds,
if not thousands of times, and get nowhere, and not even know if you're anywhere close.
When you try it, it either opens or doesn't. And another
big problem with picking locks is you don't know if you need to twist the lock clockwise or
counterclockwise to open it. So half your attempts have absolutely no chance of working since you're
twisting it in the wrong direction. Kyle waits nervously as his friend keeps trying to pick the
lock. I'm just kind of like, you twist the lock, nothing. Push pins up, try to twist, nothing.
Push, twist, nothing.
Push, twist, nothing.
Over and over he tries.
And to add to the stress, this is a very small office,
so they thought there might not be anything inside for them to even take.
It was stressful that we were sitting in this dark hallway
working on a door handle for what we thought was basically
no reason other than to appease the customer.
And if we got caught, you know,
then we could have our cover blown for headquarters, right?
Because the security incident could get reported to everyone there.
They would then tell their, you know, parent companies
or alert everyone in their offices, whatever their
procedures are. And then our photos get emailed to headquarters, right? Like that stuff happens
when you get caught doing dumb shit. So yeah, it was a little nerve wracking, especially,
like I said, we thought it was for probably nothing. After a while, your hands start cramping
up from this. Your knees are getting sore from kneeling. And the pressure builds because you're just hanging outside of an office for a long time,
looking really suspicious.
Push, twist, nothing.
Push, twist, nothing.
But then, push, twist, unlock.
It worked.
They got the door open.
Quickly, get inside.
We get in, though, and we see, like, okay, there's like eight desks in here.
It's all open.
There's like a kitchenette.
There's a bathroom.
And that's it.
There's nothing.
Well, why are we here?
I guess let's look around and see what sort of data we can get access to.
Let's see if the network's any different.
Let's see.
Because it's a small office, they can comb through things a little bit more carefully.
They look in people's desk drawers for anything worthwhile.
They look in filing cabinets.
They even start looking through any backpacks that were
left there overnight.
Well, just by happenstance,
it seemed that there was someone
traveling to that office from headquarters
that day
or that week or that month.
We don't know. Maybe he had been relocated
and just never sent back his original badge.
But we found it in his backpack
that he left at work.
This badge looked like it would specifically work
for the main headquarters,
the main objective they needed to access.
Finding this badge absolutely
was worth the trip coming down here.
So we clone it with a proxmark
right on the spot,
and then we leave.
We didn't take anything.
We didn't even really take pictures of anything
other than the badge and him picking the lock.
You've already heard Kyle say he's got a Dropbox
in his backpack and a set of pick locks,
and now you see he has a badge cloner.
This is a device that can scan an RFID badge
and take the data from it so you can make your own badge.
At this point, I'm curious.
Let's take a look in Kyle's bag to see
what other things he brings with him on a mission like this.
The general essentials are, you know,
your kind of standard tools, right?
Screwdrivers.
You're always going to need a good screwdriver.
You're always going to need a Dropbox.
Network taps aren't a bad thing to have if you can get one
they're not they're not always so great they usually like force you down from gigabit so
like you can't really use it in a data center environment or anything like that very well
but they're not bad rutabagas are okay but i wouldn't say they're essential if you have a
good dropbox then you're going out over 4g you don't need that Wi-Fi access to the internal network.
But multiple methods of persistence are always good to have in your bag. So I actually always keep one with me, even though I rarely use it. Another essential is a spare phone, a spare
working phone with service. It's really important. You may need to call yourself from it and flip it
over and slide it under a door so you can see what type of locking mechanism is on the other side you may need to use it for a hot spot for a laptop that
you're going to use to shell out so you can leave with before someone shows up for work but you
don't have time to get persistence any other way i mean there's always a good reason to have an
extra phone and then you know there's the obvious kind of accessories to the Proxmark, which are spare antennas, spare badges.
And I would say if you can afford it, a boss cloner is great.
Those are a little pricey pre-built, and I think they're kind of a bitch to build.
But, you know, they're awesome.
You can just sit at the nearest lunch spot that you scoped out on social media and know all of the employees go to
and just catch all the badges all day. So those are a lot of fun too. And they took pictures of
this badge too so they can make as close of a replica as they can. And they leave the building
and get back to their car and feel good about breaking into this office because it was worth it.
Now they have their sights set on the last location,
the national headquarters for this conglomerate of a utility company.
Everything they've done up until this was to prepare for them to get into this building.
They've got keys to trucks, hard hats, vests with the company logo on it,
complete with persistent network access.
And they know a lot about this company.
And they have cloned badges.
So now we get to the interesting part.
We're going to take a quick break here, but stay with us so you can hear the interesting part.
This episode is sponsored by Shopify. The new year is a great time to ask yourself, what if?
When I was thinking, what if I start a podcast?
My focus was on finding a catchy name, some cool stories, and working out the best way to record.
But oh, so much more goes into making a podcast than that.
If you're thinking, what if I start my own business?
Don't be scared off, because with Shopify, you can make it a reality.
Shopify makes it simple to create your brand, open for business, and get be scared off because with Shopify, you can make it a reality. Shopify makes it simple
to create your brand, open for business, and get your first sale. Get your store online easily with
thousands of customizable drag and drop templates, and Shopify helps you manage your growing business.
Shipping, taxes, and payments are all visible from one dashboard, allowing you to focus on the
important stuff. So what happens if you don't act now and someone beats you to the idea? The best
time to start your new business is now with Shopify.
Your first sale is closer than you think.
Established in 2025.
That has a nice ring to it, doesn't it?
Sign up for your $1 per month trial period at shopify.com.
Go to shopify.com.
And start selling with Shopify today.
Shopify.com slash darknet and start selling with Shopify today. Shopify.com slash darknet.
Kyle and the two other co-workers head to this location of where the headquarters is,
but they decide to leave the penetration tester back at the hotel to be ready to come rescue them if need be or use the internet to help them out in some way.
It's in a big city and it's a big building.
Kyle and his friend go to the building.
We decided, all right, we've got this badge.
It might work.
It might not.
It can't be seen like trying that shit out at the front door in the middle of the night.
Right.
You know, you can't just walk up and be like well here we go and then if it doesn't work then what
we're immediately burnt of course
so we
do some careful recon against this building
this is in a much bigger city
this is definitely going to be
a lot of traffic at night this is not
what we've been dealing with previously
this building is
gigantic. It definitely takes up a whole city block and there is no parking garage. We decided
to kind of scope it out a little bit, see where all of the entrances were, see if there was roof
access, you know, see if there was any wall or anything going up to the roof that wasn't all glass
that we could potentially scale if we had to.
You know, the building itself looks like it is going to be fairly difficult to get into
any way except for the front door unless this badge works because there was a service entrance
at the back.
It was an obvious service entrance because there were some utility trucks and there were some big, you know, kind of turbines sticking out the top of a little
building that was right next to it. So it was like, you know, kind of the machine room area.
We thought, well, this seems like a safer place to try it out. They parked their car down the road
and walked down the street to the back of this building to the service entrance in the middle of the day. They get up to the door and they see it has a badge reader. And we swiped and the door
opened and in we went. And we were in a very, very odd kind of boiler room setting, right? Like this
definitely wasn't where we wanted to be, it was a start this means that the badge
we found at the previous site was valid does work and now you know we're we're in the building so
that's good news so we take a look around you know we don't see any cameras we don't don't hear
anything else other than the coming of machinery and you know whatever is going on around us and
we see we see a an exit sign above a door
kind of down a dark hallway and we make our way we open the door no alarms we're good we peer out
and we see we see through a door that is kind of like a frosted glass like that there's the long
lobby to the front entrance all right so means the security guard is probably just outside that door somewhere.
Then we look to the right and there's a long, dark hallway.
We don't know where that goes.
We looked at ahead, though, like just to the right of that frosty glass door.
And there's a little kind of office room with a copier.
And it looks very cozy and like we won't be bothered.
So they sneak across the hallway into the copy room. Nobody saw them.
They start looking around for anything of value here. They find the copier has a network port.
So we get the Dropbox plugged in in between the copier and the wall. We're hanging out,
looking around to see if we can find anything useful in that room. Letterheads, stuff like that
can equally be useful if you have nothing at all when you're walking around in that room. Letterheads, stuff like that can equally be useful if you have nothing at all
when you're walking around in a building. It's good to have a handwritten letter on company
letterhead saying, check out this in room whatever, you know what I mean, then have nothing at all.
So keep that in mind. If you're just stuck in a paper room, that's still perfect. You just need
to be a little more creative with what you have around you. So you would write your own letter to
say, this is what I need you to do,
and then you would show that to the security guard if you got caught?
Is that what you're saying?
Yeah, I mean, it's better than having nothing, right?
Like, if I just give them a story, it's just a story.
But if I have a piece of paper on company letterhead,
you know, with dash Mike at the bottom,
like, I'm sure he knows Mike.
Everyone knows Mike.
So yeah, I mean, in that situation, if you've've got nothing else and that's kind of where you're stuck um the point i guess i'm trying to
make is you can you can make use of that seemingly unimportant detail you know like access to company
letterhead or envelopes kyle texts the guy back at the hotel to let him know the dropbox is plugged
in the pen tester gets into the dropbox
and sure enough he can get into the whole corporate network from that little port behind the printer
and the pen tester finds other access to folders and data which didn't even need a password to view
so they're feeling good that they accomplished all their objectives so we had successfully gone
from you know site to site gathering everything that we gathered, including data,
uniforms, clothing, hardware, and a badge. We successfully breached and compromised the network
of the headquarters building without being detected. We never got, you know, caught,
challenged. We never talked to anybody. We went right back out that back door again.
Okay, so here's some tips for this. Back doors should have just as much security as front doors
because bad guys use the back door as if it is the front door. In this building, there were security
guards watching the front door constantly and there's extra security there. But this back door
was secured only by an RFID badge reader and nobody was around. Oh, and also, again, make
sure all network ports require authentication so Dropboxes can't be thrown into the network so
easily. Once we left that building, all objectives had been accomplished. We had tried the least
hard on the last building because we had everything we needed to make it go as smoothly as possible.
But here's the thing. Kyle and his team were given a few days to test this building.
And since they were so successful, they had free time.
So why not spend the rest of their time testing the building further and see what else they
can do in there?
The second time we went back, we decided we needed to challenge security.
We have, you know, a budget.
Might as well use the rest of it.
Let's kill the rest of this time by just seeing what security does.
And then we'll go in the next day and we'll see what the people do.
So they wait for night and then head over to the building.
All three of them are driving separate cars.
We decided that we were going to go in through the front door.
Because at the front door, they knew there would be security guards there.
And they wanted to see if they could get by those security guards in the middle of the night.
They drive around the neighborhood looking for a place to park but they can't find anything.
The only parking spot Kyle could find is one that said no parking because it said the street cleaners would be there in the morning and they didn't want anybody parking there. Two of us park
our car. It says a no parking zone. I don't care, right? What's going to happen? They're going to
tow the car and that's the worst that could happen. I'll probably just get a no parking zone. I don't care, right? What's going to happen? They're going to tow the car, and that's the worst that could happen.
I'll probably just get a parking ticket, though.
So me and one guy park our car.
We get out.
We start walking towards the building.
Our partner was behind us and could have easily just parked his car where we did,
but instead thought it was clever to call us and tell us that we parked in a no parking zone.
To which I said, who the fuck cares?
We're literally here to break into this building.
Will you please park in the no parking zone?
And he's no, you know, hangs up, drives around the block.
So we're just standing there out front in this very well lit, you know,
front of this building and the security guard like walks up to the door
and is now staring at us, right?
So he comes around again
and he's staring at us out of the cars.
He's driving around.
We're staring at him and then he drives around again
and now the guard is like looking at us sideways.
So we're like, okay, well, we're definitely fucked now.
Let's just leave.
It's the best thing we can do is just leave.
Kyle really didn't think parking there would be a problem because they were going to be in and out so quick and they weren't going to street clean until the morning.
But this phone call right in front of the office door just screwed up the whole vibe of this mission.
And we decide we'll come back in like a half hour or something because that was just ridiculous.
We can't we can't even tell anyone about this, you know.
And so we give our friend a little bit of shit for not just parking on no parking spot.
We find some parking spots to soothe his delicate sensibilities. We park in those
spots instead. And then we walk our happy asses down the street and we walk up to the door.
As soon as they get in the front lobby, they see a door that gets them into the rest of the office.
With a little badge reader next to it, you have to scan to open the door.
That door is right next to the security guard's desk.
And sitting at that desk is the same security guard who saw them earlier, and he's watching them.
He's ready for us, right?
Because he just, right?
I mean, how can you not be after seeing that just a half hour ago?
He's not that short term memory guy,
I guess.
So we're unfortunate there,
but I badge in,
they walk in behind me.
He immediately says like,
Hey,
uh,
I see that your badge works,
but you guys didn't,
you guys didn't badge in,
you know,
you're supposed to badge in even if you're going in behind someone right it's like yeah we know that of course man
but we're just we're here dealing with some incident response stuff we're with information
security we're in a hurry can we just go upstairs he's like well i want to see your badge you know
you're talking to me and i had i had taken their badge design put my photo on it, and printed it on this cloned badge. This has my face, my name
on it, and he's asking for it now. He's writing down the data. He tells the other guys to go badge
in. Now the other two guys had badges too, but they were just blank RFID badges just for hanging
around the neck to look official, but they didn't actually work. But they decided to try it anyway.
So they badge in and they beep. See, here's the thing about RFID badge readers. They beep whether they work or
not. And since Kyle's badge worked, it was able to open the door and he held it open for them.
But see, the beep doesn't matter. After you scan it successfully, there's a little click
that's important. And that click is the sound of the door being unlocked. But in this situation,
as soon as Kyle heard the beep, he spoke up.
We're just like, yep, see, they work.
And then he says, okay, where are you guys going to be?
We said, we're going to be on the fifth floor.
You know, just pulled the floor out of our asses and just said the fifth floor.
So Kyle and his two co-workers quickly made their way into the building
and the security guard didn't follow them.
We walk up the stairs.
The departments are labeled on certain doors and we
see one that says information technology. Oh, it's cruising there. Let's grab some laptops,
plant another Dropbox and then get out of here fast. Meanwhile, the security guard goes back
to examine the logs. He looks to see who just badged into this door and shows a picture of
the employee. That picture doesn't look at all like what Kyle looks like.
Next, the security guard looked at the logs for the other two guys, and it showed failed authentication.
At this point, the hairs on the back of the security guard's neck were standing straight up.
We get the drop box planted.
We start loading up our bags, and mid, mid stuffing laptops into a backpack.
Right.
Police officers just come around the corner and I look up and I see them and I'm like, well, fuck me, man.
Really?
I look back at my partner.
I was like, this is this is your fault.
You didn't park the fucking car.
And so, you know, the security guard says, can you stop right there i need uh i need to talk to
you come over here please where we can see you um so you know i start kind of walking into a more
lit area slowly cops are all really nervous and everything i'm like guys you got me it's it's all
good like here's here's this letter i'm gonna hand it to you it's in my back pocket i pull it
out and i hand it to the cop just the cops hand it to you. It's in my back pocket. I pull it out and I hand it to the cop. The cop's handed it to the security guard.
The security guard goes, fuck.
And he like turns around, walks away and makes a phone call.
What Kyle had is what's known as a get out of jail free card.
It's a letter from the security guard's boss saying that Kyle was there to test the security of the company.
And if there were any questions, just call the boss.
So the guard calls his own boss and asks him if it's a real letter.
And his boss confirms it is.
And he comes back and he says, yep, yep, this is fine, officers.
Man, see, I knew I had something going on.
I knew it.
I didn't know what, but I knew it.
And he was talking to his cop buddies.
I guess he was really old friends with them.
And so he called them up personally and said, you know, like, guys,
I got some weird people here and they've got a badge that works and just
don't seem like they're supposed to be here.
I don't know what to do, you know?
So, and they just came cause they knew him.
So that was kind of a really lucky thing on his part.
Cause otherwise I'm sure the cops would have been like, I mean, okay,
we'll send a squad car, but like they sent the whole damn battalion after us, man.
It was like five or six cops there.
It was pretty, it was pretty crazy.
Kyle and his coworkers were let go and they went back to the hotel.
But they had one more day to kill while in town.
So they decided to go back once more in the middle of the day where there would be totally different security guards.
And their plan was to go into the lobby, badge into that door, all three of them walk in,
and then just wander around to see if any employees would spot if somebody was in the office who just doesn't look right.
Three guys just wandering around.
We went in and we were just walking around like normal.
Not a lot of people really even gave us a second look.
I was hanging out next to the coffee machine, like meeting pretty girls.
We were all just kind of doing our own thing, walking around the building, doing whatever we wanted.
And I kind of walked downstairs.
I see one of my buddies and I started walking over to him.
We were going to try and get out of here soon or meet up with our client or whatever the plan was.
And I noticed that he's in someone's office and he's taking pictures and i see someone see him do that right and so then i'm like wait a second i'm gonna sit down on this step here
just gonna watch this go down and so he likes the guy who saw him taking pictures starts getting
all of his buddies right and then there's this mob kind of forming around my friend and he doesn't
notice it because he's just taking pictures of people's shit.
And that's when I'm like, okay, I should probably come tell him that he's being surrounded.
And so I walk over, I'm like, hey, guys, don't worry, he's supposed to be here, this is okay.
And then they're like, well, who are you? So then they all kind of like turn to me, right?
And I'm like, whoa, whoa, guys.
All of a sudden, the situation seemed to unravel.
Not only was there a group of people wondering who this guy is taking pictures,
but now they're wondering who Kyle was.
And they were right to question them.
They didn't know these guys.
But even though Kyle has a get out of jail free card,
you only want to use that as a last ditch effort because it completely burns your cover.
It's okay to be stopped, but that doesn't mean you're caught. Now the next step is to try to leave the building, You only want to use that as a last ditch effort because it completely burns your cover.
It's okay to be stopped, but that doesn't mean you're caught.
Now the next step is to try to leave the building and get out of there.
Yeah, so as they're sitting there, like, I'm trying to get us out of it, right?
I can see, you know, this big guy over here positioning himself in front of this door over here.
And I can see this guy and this girl walking over to this other door over here.
I can tell they're boxing us in right now. Like they,
it's exactly what they're doing.
You know,
they're,
they've,
it's almost like they've coordinated the shit.
It was pretty wild.
I had never seen anything like it.
And then,
yeah,
you know,
as they're sitting there,
quote unquote,
distracting us,
they're,
they're doing that.
They're blocking us in and they're also going to get the authorities,
you know,
and then the security guard comes up, the head of security comes up, our point of contact. And, you know, obviously then everything
is explained and the whole office is in an uproar and everyone is just amazed and having a good time.
And it was, you know, as far as bad ending goes, it was the best bad ending I've ever had.
So Kyle and his team write up a report and deliver
their findings to the head of security. We had a great time with the executives.
They really enjoyed the story. They loved it, obviously. And the people who set out to
get things done based off of the information we provided by doing these engagements got what they
were after. So it was a win, win, win. Everyone had a good time and everyone got what they were after. So it was a win, win, win. You know, everyone had a good time and everyone got what they needed out of it, including myself. It was a lot of fun.
See, sometimes in the corporate world to get budget approvals, to improve security,
you need to demonstrate just how vulnerable you are. And Kyle and his team were able to
demonstrate many vulnerabilities, which got people to approve budgets for things to improve
security for the company. And this company quickly fixed a lot of the vulnerabilities that were found in this report. So that's what a few weeks hanging
out with Kyle is like. What a fascinating job. I'd bet I'd be good at this myself. I used to be a
master of sneaking into places. Abandoned buildings, amusement parks, movie theaters, exclusive events,
you name it. If only my guidance counselor told me about this kind of work when I was a teenager.
You've been listening to Darknet Diaries.
A very big thanks to Kyle for sharing his story with us.
You can follow Kyle on Twitter.
His name there is I Commit Felonies.
This episode was created by me, the Spaghetti Coder.
Jack, Reciter. And theme music was created by me, the spaghetti coder, Jack Recider.
And theme music was created by a digital minstrel,
Breakmaster Cylinder.
See you in two weeks.