
[71] Path of Least Resistance: Red Team Stories 

TheNotSoCivilEngr
45K subscribers
13K views

In this video I go through a scenario where I was able to circumvent security by taking the path of least resistance.

Published: 3 Apr 2021

Comments: 42
@DeviantOllam 3 years ago
Exploits so bright... I've gotta wear shaaaaaaaades 😎
@amihirata 3 years ago
If you aren't wearing a hoodie when you're hacking are you even hacking???
@HandsomeDevil44 3 years ago
It's like a stealth game walkthrough but IRL, great job!
@amihirata 3 years ago
Hey, thanks!
@Hebdomad7 2 months ago
Privilege escalation is basically what agent 47 specialises in. Sam Fisher is more of a backdoor exploiter.
@sursurrus 3 years ago
I worked in this building that was supposed to be the end-all and be-all of security. Mandatory badge-in and out with an alarm that would sound for tailgating. RFID badges so weak the readers couldn't pick them up through 75% of the company-issued plastic sleeves. Floor-specific elevator access. Cameras everywhere, every office had glass walls, there were no cubes, only open desks, desks had programmable electronic locks. The only things they used wafer locks for was the actual toilet paper. Let me tell you, it was a shitty place to work. Sickdays skyrocketed once we moved to that building. Covid just might have prevented an employee revolt. It turned out that human beings used to a low security environment hate high security ones, at least those built by the lowest bidder.
@amihirata 3 years ago
There's a certain psychological aspect to being in a high security environment which can feel overbearing and claustrophobic.
@alexseguin5245 3 years ago
This is really interesting and engaging with the map as a visual aid! Great video, would like to see more of this!
@amihirata 3 years ago
Glad you enjoyed it!
@adammorris8112 3 years ago
So we train security to look out for someone wandering the halls wearing a hoodie and shades. Got it. One data center I worked in had an RFID system (LF and I doubt the tamper switches were connected) and had two main entrances to the server room. One was through the operations center which was staffed 24/7 but the other was through the loading dock. The loading dock had an RFID reader to gain entry from the corridor, but it also had a sensor that was sensitive enough to pick up a pass from a couple of feet away. All it took was someone walking down one side of the corridor to unlock the door, and that corridor was the only link between one of the cube farms and the break room, with the free coffee in it. I don't know why they felt that one door needed such a large reader.
@amihirata 3 years ago
That seems like a serious lapse in security, I could imagine standing outside of that door just waiting for someone to pass by and inadvertently let me in!
@adammorris8112 3 years ago
@@amihirata you would still need to get onto the loading dock, but I suspect that might have been easier than the front door at times.
@NomadicHacker. 2 years ago
I was once working as a subcontractor at a government facility (the kind of facility whose contents terrorists would love to get their hands on). We were required to have an escort and were given very limited access temporary badges. The contractor, being very annoyed waiting on our escort to let us through all the necessary doors, took me to the main desk and informed the untrained and clueless secretary that I had been given the wrong badge. She promptly apologized and I was given an all-access badge to the facility. More of a social engineering story, but I thought it was worth sharing. Keep up the good content 👌👍. As a legal addendum, the badge was returned after the job and was only used to gain access to our work area.
@legion162 3 years ago
Thank you very much for giving a walkthrough of a real life job that you've been on, and successfully completed. Even though it was only a short video I thoroughly enjoyed it, and watched it a couple of times to absorb all the information.
@amihirata 3 years ago
Glad you enjoyed it!
@benmokurai8089 3 years ago
Fascinating.
@joeb3300 3 years ago
If they weren't so lazy, and installed anti-tamper switches on all keypads, and ran all signal wires through electrical metal tubing ("conduit"), and required all employees to use RFID-shielding badge holders, AND repeatedly re-trained employees regarding tailgating, we might have more serious security in such buildings. But then I guess we would live in an alternate reality, where drivers stop at stop signs and signal before they turn. Congrats on your successful penetration!
@amihirata 3 years ago
Yeah, no one ever uses anti-tamper, sadly. We can always hope though!
@adammorris8112 3 years ago
@@amihirata but the switches are built into the pads, why are they never connected?
@adammorris8112 3 years ago
@The Gray Fox I have been in high security facilities where only one person could fit in the entrance booth at a time and you needed a pass and a fingerprint scan to get out of the booth. It is possible to improve security but it costs and is less convenient. If using RFID, connecting the freaking tamper switches up to the controller should be an absolute minimum.
@joeb3300 3 years ago
@@adammorris8112 I can only guess: the 'hard' anti-tamper feature requires an additional wire which adds (minimally, IMO) to the installation cost. Failing to enable the AT feature is a good example of being penny-wise and pound-foolish. Another easy mod I would argue for is running these wires from the mounting box via metal conduit to an intermediate pull box accessible only from the secure side. After installing the card reader, pull the wire (gently) from the pull box until taut and anchor it in the pull box. This makes the insertion of a credential-grabbing intercept device on the cable much harder, since the reader can't easily be pulled from the wall.
@adammorris8112 3 years ago
@@joeb3300 Indeed, if you can access the cable the anti-tamper switch is pointless. So both would be ideal. I get that this only raises the bar so far, but as we know security is like an onion cake or something... Oh, and I have worked in buildings which used mag stripe rather than proximity. Harder to steal from a distance, but just as easy to tailgate.
@richardcunhacomedy 3 years ago
Could you elaborate a little bit on how a deal with such companies goes? Do you set a certain range of dates for your visit, or do they know exactly when you are coming? If someone catches you, how will they know not to arrest you or use violence? If you get caught, do you come back another day and test other possible entrances and exploits? Regardless of whether you answer or not, your video was excellently made, bravo!
@stanleyrunyon 2 years ago
I just discovered your channel. I am a retired Master Lockwright and have spent a very successful career as the first line of protection for companies against such threats. I have found that lazy people resist the amount of effort to affect the sort of real security it takes to mitigate even a mildly sophisticated attack on their systems. I have found "stupid user" mistakes like passwords under keyboards (You'd be surprised [or maybe not] at how many safe or vault combinations I have seen on sticky notes in secretaries' desk drawers!). I like your vids and wish I could work as physical security trainer for teams like yours.
@Hebdomad7 2 months ago
Never too late to start sending people resumes.
@masonh.6477 3 years ago
This was really interesting, and you should definitely do more! I'm a student looking to get into Red Teaming and Cybersecurity, so your channel is a great resource!
@amihirata 3 years ago
Thank you! Will do!
@Eurotool 1 year ago
I love this video.
@deanhankio6304 2 years ago
"I am a talking padlock"
@lizzapaolia959 1 year ago
What a mess🤢 A disaster on two feet.
@kevenquinlan 1 year ago
Cool vid. Interesting that they'd have a Kbox in a custodian's closet. We have custodian rooms all over the place but none have key boxes. I think they just make each employee keep their own set. The kboxes here are always in heads of departments' offices or copy rooms. Nice to see you use the ESP. It's so easy getting credentials here I don't bother hacking their RFID anymore. Plus they use SE/SEOS, though it IS legacied. I still like doing things the mechanical way, lol. If you have time, what kind of $$ do you make on a job? I have thought of maybe doing it for a living. I'm the dude that was living at a University, I commented on your vids a few years back, still there. I kind of just part time it but I try to get keys or cards every weekend or do some kind of penetration. The U is amazing, it's just an endless field test to do whatever you want. I've been fucking with El's lately. They use the AE102 for the panel box. Now, all the El's have card access, but I just open the panel and turn it off, which opens up whole buildings like in your video: commons is 1st and restricted will usually be all the floors above, or it will be like the back half of a building and the front will be commons, stuff like that. I would like to thank you for making all the vids you have; they've been super helpful. You and Dev are the only pen testers I know of on YT, so. Anywho, laters.
@SnakePicks 2 years ago
Awesome video
@SecuritySpecial 3 years ago
Was there any physical presence of security personnel in any of the segmented areas? It's insane to think that throughout this access-restricted building, no one had the confidence to challenge you. Maybe your RFID credentials belonged to the CEO; the faceless, unseen, all-powerful entity whose badge sent alarm messages of "look busy, God's coming" to every workstation in the building! Thanks for another superb video.
@amihirata 3 years ago
The type of institution this was at had a police force, but they were also a very large institution and the police that they did have weren't roaming the halls, they were out and about on the campus.
@SecuritySpecial 3 years ago
@@amihirata This is all the more sad. A police force on campus suggests there were concerns for the people legitimately there. If privilege escalation created the opportunity to severely breach security, that certainly compromised the safety of all on the facility. A tragedy just waiting to happen.
@SteamCrane 3 years ago
At 0:21, label the keyhole below the handle as "maintenance back door".
@wheezyair 3 years ago
Legend
@seanb3516 3 years ago
Why are key boxes always so vulnerable? I was working in a University where they had a high tech key box. It was computer controlled, required RFID and code access, would only unlock one set of keys, had NFC to read all the key sets in the unit, and was left unlocked because it didn't work right. So instead, for the important keys they had one of those beige boxes that is faster to open with anything other than the correct key. Wizard's First Rule: People Are Stupid.
@amihirata 3 years ago
It all depends on the levels and layers of security. Lots of key boxes aren't made to be security devices; usually they're supposed to be stored in secure environments and are really only there for key management and storage. That said, I have seen my fair share of key boxes which are left out in the open and only guarded by wafer locks.
@pbpx 3 years ago
A lot of those fancy computer keyboxes have a simple key lock override in the back.
@lostpockets2227 2 years ago
yo that was fucking really fucking cool wow 😳
@dragade101 1 year ago
This isn't even bothering to use the fire routes that the FD have. Honestly, this facility grossly misunderstands how RFID badges should work.