All in Red Teams
Morning chaos is usually a good time to tailgate someone and sneak into your target. Each company has its own morning chaos time, a little recon can show you when it's the best time to try this.
The trick is to appear as if you belong. Wear the right clothing, have a fake badge that looks the part (again, recon will help you with this, take pictures of actual badges), be on the phone with a customer and just walk right in.
Once you are inside try to get to the network and begin your digital recon.
JS and I managed to get inside our target a while back. This was one of those projects where everything works and you just have it.
Some time ago, we had one of those really fun projects. In this project the target was the CISO (Chief Information Security Officer). His boss was concerned that he was too open and wanted to see whether we could extract information from him.
CISOs are public figures, especially on large corporations. Because of this, there is a lot of open source information available. LinkedIn, Facebook and other social media sites provide a really detailed picture of the target.
After about a week we had pictures, personal information, and other useful tidbits of information relevant to our project. The main piece of information was that he owned an Android phone.
It happened once. It happened again.
While we were visiting several customers in Europe, we went to visit one of our customers that always requests for deeper and better assessments on their networks and plans. A large multinational corporation, last year we managed to get their marketing plans after blending in with their marketing staff.
This year, the security director asked us to try to penetrate the Board of Director's meeting. Like last year, blending in proved to be a good tactic.