Let's Get Physical
- #social-engineering
- #physical-security
- #pentesting
- A company hired a pentester for a series of security tests, including physical penetration testing.
- The pentester and their colleague successfully infiltrated multiple buildings without being challenged by security or employees.
- They stole a shredding bin containing sensitive documents, demonstrating a significant security flaw.
- The team attempted to bypass door sensors using compressed air but did not confirm whether it worked.
- They accessed the director’s office by exploiting an unlocked door and left a business card as proof.
- The pentester tried to enter the server room by manipulating a cleaning lady but was ultimately stopped.
- On the final day, they deliberately got caught by stealing a flag in front of cameras to test security response.
- The cleaning lady was the only person who effectively denied access, demonstrating strong security awareness.
- The pentester left business cards in unauthorized areas to prove the breaches in the final report.
- The test revealed major physical security weaknesses despite strong IT security measures.