• 520@kbin.social
      link
      fedilink
      arrow-up
      26
      ·
      edit-2
      1 year ago

      So there is a type of cybersecurity job known as a ‘red teamer’. It is a special branch of offensive security, and differs from the likes of a penetration tester in that they fully act like blackhats as much as is possible without actually doing intentional damage.

      That means, you plan an attack, you plot a way in and you reach a given objective. How you do so is up to you; you are not limited to digital attacks just as real attackers wouldn’t be. You can rock up to site in disguise and walk your way in if you so feel that’s the best route. Tailgating, lying to people, cloning ID cards, or have a friend joyride on an escooter to provide a distraction while you hop a fence, it’s all fair game.

      The only things you aren’t allowed to do is pretend to be a boss and threaten to have someone fired (or other shit that could cause mental harm) or intentional physical damage to property (eg: lockpicking is fine even if you accidentally fuck up the lock. Wire cutting generally isn’t)

      The assignments where we rocked up on site were my favourites. It was always a rush slipping by people and hoping I didn’t arouse suspicion.

      These things take months to plan though, so we pick high value targets owned by the business employing us. The person in charge of that facility will be notified that something is about happen but not crucial details that can throw the test, such as when it will happen. I can’t go into details about the targets I’ve hit (red team NDAs make regular NDAs look like Donald Trump’s attitude to confidential information by comparison) but they’re the kind state sponsored attacker’s and organised crime outfits would typically hit.

        • 520@kbin.social
          link
          fedilink
          arrow-up
          6
          ·
          1 year ago

          It was an amazing job. Pays well too. Easily in the 6 figures if you’re in America (although that comes with additional risks…)

      • Hasherm0n@lemmy.world
        link
        fedilink
        English
        arrow-up
        8
        ·
        1 year ago

        I used to do penetration testing and only got to dabble in physical penetration testing a couple of times. Hell of a lot of fun.

        For anyone reading this chain and interested in hearing more, this is a pretty fun interview with someone known for doing physical presentation testing.

        https://darknetdiaries.com/episode/134/

        • 520@kbin.social
          link
          fedilink
          arrow-up
          2
          ·
          1 year ago

          Darknet Diaries is such a good listen in general for anyone interested in this kind of thing

        • Herbal Gamer@sh.itjust.works
          link
          fedilink
          English
          arrow-up
          7
          ·
          1 year ago

          I always love hearing about these kinds of stories but I can’t ever find a good explaination of how to actually go about getting into this line of work.

          Seems like most people kinda stumble into this through people they happen to know.