After a long security team meeting, garnished with lots of pepperoni and green olive pizza, we divided the staff into 2 teams. Team A started scanning and probing the target department’s servers in search of vulnerabilities that would provide us with admin access over the network.
Team B started planning a physical intrusion in case Team A failed.
After a couple hours, I was notified that the vulnerability team came up short. None of the identified vulnerabilities could be used to escalate our permissions.
A member of the physical intrusion team called maintenance and requested help from a specific maintenance guy: Zeke. The security team member said that we “needed Zeke’s help locating an electrical breaker panel” in a certain department.
This is the fourth post in a series. See Behind Locked Doors: Part 3. The next post will be the conclusion.
Zeke had worked with my team before and knew not to ask any questions. He was one of those guys that made your job so much easier. For that reason, we occasionally paid for Zeke to attend a couple of pro baseball or basketball games with us each year.
When Zeke arrived, he led one of my guys past the office that contained the servers. As my guy walked by, A quick glance revealed that the office had a standard door, with the hinges on the outside. Piece of cake.
Zeke kept walking and located the panel in a hall closet. After asking Zeke a couple “required” questions about the panel, my guy thanked Zeke and walked back to my office.
The team waited until 5 pm and started casually strolling by the department, a different analyst every 15 minutes, to see how many people were still in the department. We hoped no one was pulling an all-nighter.
Meanwhile, I stopped by the security guard office to ask about the nightly rounds the security guard made, and when the guard walked through each department, and how often.
I explained that my team would be doing some wastebasket auditing that night in 2 departments, emptying all waste baskets in the area. I told them that I just wanted to give the security guards a heads up.
The security manager thanked me for the notification; he’d inform the night shift so there wouldn’t be any trouble. He said that he remembered us doing the same thing last year (and you thought that only internal audit did SALY).
What he didn’t know was that the operation was mostly a decoy, and that one of the departments was the one that the guard walked through just before the department with the rogue servers. And that if our intrusion was running late, we’d find a way to delay the guard.
Finally, at 9 pm, one of my analysts reported that everyone in the target department was gone.
Security wasn’t due to check that department again until midnight.
With a little luck, we’d be done by then. With a lot of luck, we’d be in bed.