Chapter 17: Doppelgangers Exist
For those of you who do not keep up with myths and legends or have never played Dungeons & Dragons, there exists a creature that can impersonate another: a doppelganger. Doppelganger literally translates from its German origins as “double walker”—a ghostly apparition of another living being. In this case, mistaken identity played a key role in my ability to infiltrate a client's building.
Washup meetings or debriefs are vital to any assessment, whether a physical assessment or a digital penetration test (pentest), which gives a company an overview of its digital vulnerabilities before criminals find the same faults. Even if the assessments are successful—and particularly if they are not—debriefs allow the client and me to go over every step and learn from mistakes or issues. They allow us to have an honest dialogue about what happened, when, and how. Many people overlook them, but to me, they are one of the most important elements of a test.
A debrief of a particular physical assessment made me stop and pause and led to the client having a serious chat with the CEO.
I have already mentioned many times that a key aspect of physical assessments is dressing the part. I have also mentioned that my job is to find the lowest bar of security. This often means my dress code and behavior degrade over time to see what triggers a security reaction.
I had been going into this building over the course of a week. At first, I dressed smart/casual like the rest ...