War Story: “Can I see that?”

When traveling for these types of assessments, we always consider the location of a client’s facilities. Often, we’re fortunate enough that these locations are adjacent to a hotel, café, food court, or a shared facility in general. How does this help, other than the convenience of a nap or food in between efforts? A malicious actor can use this to conduct passive reconnaissance and gather useful information, which is anything from the target facility’s dress code, ingress/egress points, security camera placement, style of…

War Story: The Key

Assessment Type: Covert Physical Security Assessment (Onsite)
Target Type: Corporate Financial Institute

Assessment Background

When performing red team engagements that include physical and onsite social engineering components, our ability to piggyback/tailgate into target buildings and sensitive areas has an extremely high success rate. Walking in a confident manner and going through the motions of “badging in,” is simple …

War Story: Piggyback BBQ

Assessment Type: Red Team (Onsite)
Target Type: Corporate Healthcare Institute

Assessment Background

With a loose-fitting patterned tie, white button-up shirt, some gray slacks, and a fake badge draped around my neck (that I had made up and printed at the hotel earlier that morning during breakfast), I was dropped off at the target facility by a fellow consultant. …

DerbyCon 2017

What a blast this year! As always, DerbyCon was a huge success. Paul Oakenfold was cool to see live, although he had zero energy and seemed like he was just ready to leave. DualCore always keeps it real, Busta is…well… And, a big shout out to Dave Kennedy and team for putting together one of …

10 Classic Cons

As a pentester and former street magician, I have used distraction and trickery to divert the attention of a target, mostly through social engineering. This has helped me professionally and during parties. A 2014 article written by Kacey Henley lists some of the old-fashioned short and long cons (albeit names vary) that still work …

IBM POS System Keys

So, apparently many IBM POS (MM987 MM926 code cut numbers) systems are keyed alike. Give it a try on your next physical security assessment where they may be used: eBay Link

Hacking WPA Enterprise / hostapd-wpe

Using the hostapd-wpe toolset is the easiest way to run an attack against WPA Enterprise implementations, as everything is already built in. The attack requires a compatible wireless card. The hostapd-wpe version has been updated from 2.1/2.2 to 2.6, which now allows for 802.11n/ac traffic as long as it’s supported by your card… https://www.offensive-security.com/penetration-testing/hacking-wpa-enterprise-with-kali-linux