Once inside the site Dan knows how to open doors, filing cabinets and desk drawers. He’s armed with lock pick keys known as jigglers, with multiple contours that can spring a lock open.
He’s searching for passwords written down, or will use a plug-in smart USB adaptor to simulate a computer keyboard, breaking into a network.
The final step in the so-called kill chain, is in the hands of Stanley.
A cyber security expert, Stanley knows how to penetrate the most secure computer systems, working on the reconnaissance report from his colleagues.
“In the movies it takes a hacker seconds to break into a system, but the reality is different.”
He prefers his own “escalatory approach”, working through a system via an administrator’s access and searching for a “confluence”, a collection of information shared in one place, such as a workplace intranet.
He can roam through files and data using the administrator’s access. One way a kill chain concludes is when Stanley sends an email impersonating the chief executive of the business via the internal, hence trusted, network.
Even though they operate with the approval of the target customer they are breaking into a site as complete strangers. How does this feel?
“If you’ve gained access to a server room that is quite nerve-wracking,” says Dan, “but it gets easier the more times you do it.”
There is someone at the target site who knows what’s going on. “We stay in touch with them, so they can issue an instruction ‘don’t shoot these people,’” Charlie adds.
Credit: Source link
