Every large information security firm in the market offers physical pentesting, and most large in-house security teams do semi-regular physical pentesting. I was hoping this would be a story about the complications of doing physical pentesting on sites where the use of deadly force is authorized, but instead it's an article of the type you'd have expected to read in the late 1990s, when this stuff was exotic.

> He prefers his own “escalatory approach”, working through a system via an administrator’s access and searching for a “confluence”, a collection of information shared in one place, such as a workplace intranet.

Was this a mistaken transcription for Confluence, the Atlassian app?

Ok, so, assuming these facilities are indeed "top secret bases" that have armed security, military or otherwise, how do red teamers not get shot? Do they get right up to but not complete the intrusion? Do they inform security of the intrusion attempt and, if so, how do they defend against the hilarious possibility of actual baddies working at the same time?

These questions might have obvious answers. This isn't my line of work. I'm honestly interested in how they accommodate the need to (a) not kill the vendor and (b) still protect the facility.

In the US we just outsource the job to nuns: https://en.m.wikipedia.org/wiki/Megan_Rice

The Darknet Diaries podcast features a lot of fascinating first-hand accounts of penetration testers breaking into places.

One of my favourite episodes is the account of two people breaking into a US courthouse[1], it's both exhilarating and terrifying.

[1] https://darknetdiaries.com/transcript/59/

FreakyClown (ethical hacker) has a recent book on this subject

How I rob banks

https://www.amazon.com/How-Rob-Banks-Other-Places/dp/1119911...

Interesting but it ended so.. abruptly! I was hoping for a LOT more. I think if you're interested in this subject area you must get a copy of Ghost In The Wires, and The Art of Intrusion by Kevin Mitnick.

It would be fun to read a detailed writeup for just one successful infiltration. All the small details, step by step.

Anyone have any movie recommendations for a more modern version of Sneakers (great movie)?

Is this an ad for Leonardo? 'Greg would only speak to BBC under a pseudonym'...really? There are many professional, military-or-adjacent red team folks who'd gladly speak to BBC with real names and credentials...

Annoying that the article is more focused on "there's people that get paid to break into things" more so than "these are the complexities of breaking into a base".

Physical pentesting or red teaming isn't anything new

Hmm, feels like the article could have been so much longer.. it's a pretty cool topic. Sadly, all the 1-or-2-sentence paragraphs makes it feel like a Goosebumps novel or something. Really awkward presentation.

How does one get into the physical security space? I can pick a lock, climb a ladder, jump a gap, and lie to authorities.. I would love to do this for a job.

> The objective might be to stop a process from working, such as the core of a nuclear power plant.

This sounds quite difficult, if not impossible :)

It looks like they target firms/premises without a centralized biometric access.

Uh. So what?

At a European hacker con we had the custom of keeping crew badges in the first room to be occupied by us and our security. To get your crew badge, you had to get into that room without authorization.

Everyone worthy of being called "crew" did succeed.

Yes, these are called red teams and this has been a thing for decades.

Why is this relevant to Hacker News?