Went out on a Red Team job this weekend, it wasn’t very exciting. During recon earlier in the week, an employee left their card key out, and at the right time we just passed our device by it and read the code in about 1 second. Didn’t even have to touch the card. This allowed easy access to the premises. With the code, we were able to clone an identical card. Walked right in.
Please make sure you secure any fob, keycard, or other wireless device used to provide access to secure locations. Before the proliferation of the keyard, we already had other attack vectors. That’s what recon is for. Once we had the keycard code, we went home.
Stay tuned to see how the Blue Team fairs.