this post was submitted on 23 Nov 2023
170 points (92.5% liked)

World News

39032 readers
2317 users here now

A community for discussing events around the World

Rules:

Similarly, if you see posts along these lines, do not engage. Report them, block them, and live a happier life than they do. We see too many slapfights that boil down to "Mom! He's bugging me!" and "I'm not touching you!" Going forward, slapfights will result in removed comments and temp bans to cool off.

We ask that the users report any comment or post that violate the rules, to use critical thinking when reading, posting or commenting. Users that post off-topic spam, advocate violence, have multiple comments or posts removed, weaponize reports or violate the code of conduct will be banned.

All posts and comments will be reviewed on a case-by-case basis. This means that some content that violates the rules may be allowed, while other content that does not violate the rules may be removed. The moderators retain the right to remove any content and ban users.


Lemmy World Partners

News !news@lemmy.world

Politics !politics@lemmy.world

World Politics !globalpolitics@lemmy.world


Recommendations

For Firefox users, there is media bias / propaganda / fact check plugin.

https://addons.mozilla.org/en-US/firefox/addon/media-bias-fact-check/

founded 1 year ago
MODERATORS
you are viewing a single comment's thread
view the rest of the comments
[–] 520@kbin.social 9 points 1 year ago (9 children)

Ahh this takes me back. My previous line of work had me pulling exactly this kind of shit, except I was getting into higher value targets.

[–] LufyCZ@lemmy.dbzer0.com 5 points 1 year ago (8 children)

You can't just say that and leave come on

[–] 520@kbin.social 26 points 1 year ago* (last edited 1 year ago) (6 children)

So there is a type of cybersecurity job known as a 'red teamer'. It is a special branch of offensive security, and differs from the likes of a penetration tester in that they fully act like blackhats as much as is possible without actually doing intentional damage.

That means, you plan an attack, you plot a way in and you reach a given objective. How you do so is up to you; you are not limited to digital attacks just as real attackers wouldn't be. You can rock up to site in disguise and walk your way in if you so feel that's the best route. Tailgating, lying to people, cloning ID cards, or have a friend joyride on an escooter to provide a distraction while you hop a fence, it's all fair game.

The only things you aren't allowed to do is pretend to be a boss and threaten to have someone fired (or other shit that could cause mental harm) or intentional physical damage to property (eg: lockpicking is fine even if you accidentally fuck up the lock. Wire cutting generally isn't)

The assignments where we rocked up on site were my favourites. It was always a rush slipping by people and hoping I didn't arouse suspicion.

These things take months to plan though, so we pick high value targets owned by the business employing us. The person in charge of that facility will be notified that something is about happen but not crucial details that can throw the test, such as when it will happen. I can't go into details about the targets I've hit (red team NDAs make regular NDAs look like Donald Trump's attitude to confidential information by comparison) but they're the kind state sponsored attacker's and organised crime outfits would typically hit.

[–] LufyCZ@lemmy.dbzer0.com 3 points 1 year ago (1 children)
[–] 520@kbin.social 5 points 1 year ago

It was an amazing job. Pays well too. Easily in the 6 figures if you're in America (although that comes with additional risks...)

load more comments (4 replies)
load more comments (5 replies)
load more comments (5 replies)