
Red Teamers Exploit Snow Shoveling for Network Access

Source: Hacker News

Professional red teamers gained deep access to a client's network by posing as new IT employees and offering to shovel snow. The engagement took place in winter, when a maintenance door had been left ajar. The team used the goodwill earned by helping with snow removal to get inside the building and plant a Raspberry Pi on an unsecured network port.

The single-board computer, placed in a conference room and hidden among the trash cans, went unnoticed for two weeks. From it, the red team reached the company's Active Directory. A weak seasonal password, "winter2023!", reused across dozens of accounts, let them map network shares and escalate privileges.

The team then abused Active Directory Certificate Services (AD CS): the ESC1 and ESC4 certificate template misconfigurations, and ESC8, which is NTLM relay to the CA's HTTP web enrollment endpoint rather than a template setting. This gave them domain administrator access before a janitor eventually found the Raspberry Pi. The incident highlights failures in physical security, network access control (an open port that accepted an unknown device), and password policy, including the absence of multi-factor authentication.
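The template-side weaknesses (ESC1 and ESC4) can be checked from the template attributes alone. The script below is an added example, not code from the article or from any tool it mentions: templates are constructed dicts keyed by the real AD attribute names, while the CA publication state and the principals with enroll or write rights are simplified into plain keys, since a live audit would read those from the pKIEnrollmentService object and from each template's nTSecurityDescriptor. ESC8 is deliberately out of scope because it depends on the CA's web enrollment service, not on templates.

```python
"""Flag certificate templates with ESC1- and ESC4-style misconfigurations.

Added example, not from the article. Each template is a constructed dict
keyed by the real AD attribute names; the 'published', 'enroll' and
'write' keys stand in for data a live audit derives from the CA's
certificateTemplates attribute and each template's nTSecurityDescriptor."""

CT_FLAG_ENROLLEE_SUPPLIES_SUBJECT = 0x00000001  # msPKI-Certificate-Name-Flag
CT_FLAG_PEND_ALL_REQUESTS = 0x00000002          # msPKI-Enrollment-Flag: manager approval
AUTH_EKUS = {
    "1.3.6.1.5.5.7.3.2",       # Client Authentication
    "1.3.6.1.4.1.311.20.2.2",  # Smart Card Logon
    "1.3.6.1.5.2.3.4",         # PKINIT Client Authentication
    "2.5.29.37.0",             # Any Purpose
}
# Groups every ordinary domain account is effectively a member of.
LOW_PRIV = {"Domain Users", "Domain Computers", "Authenticated Users", "Everyone"}


def allows_client_auth(ekus):
    """An empty pKIExtendedKeyUsage means the certificate is valid for any purpose."""
    return not ekus or bool(AUTH_EKUS & set(ekus))


def esc1(t):
    """ESC1: low-priv enrollees can request a client-auth cert with a subject they choose."""
    if not t["published"]:
        return []
    if not t["msPKI-Certificate-Name-Flag"] & CT_FLAG_ENROLLEE_SUPPLIES_SUBJECT:
        return []
    if t["msPKI-Enrollment-Flag"] & CT_FLAG_PEND_ALL_REQUESTS:
        return []  # manager approval blocks silent issuance
    if t["msPKI-RA-Signature"] > 0:
        return []  # an authorized co-signature is required
    if not allows_client_auth(t["pKIExtendedKeyUsage"]):
        return []
    return sorted(LOW_PRIV & set(t["enroll"]))


def esc4(t):
    """ESC4: low-priv principals can rewrite the template into an ESC1 one."""
    return sorted(LOW_PRIV & set(t["write"]))


def audit(templates):
    """Map template name -> list of (code, principal) findings."""
    findings = {}
    for t in templates:
        hits = [("ESC1", p) for p in esc1(t)] + [("ESC4", p) for p in esc4(t)]
        if hits:
            findings[t["cn"]] = hits
    return findings


# Constructed templates; attribute values are realistic but invented for the demo.
SAMPLE_TEMPLATES = [
    {   # Enrollee picks the subject, client-auth EKU, no approval: classic ESC1.
        "cn": "VPNUser", "published": True,
        "msPKI-Certificate-Name-Flag": 0x1, "msPKI-Enrollment-Flag": 0x0,
        "msPKI-RA-Signature": 0, "pKIExtendedKeyUsage": ["1.3.6.1.5.5.7.3.2"],
        "enroll": ["Domain Users"], "write": ["Domain Admins"],
    },
    {   # Server-auth EKU only, so not ESC1, but Authenticated Users can edit it: ESC4.
        "cn": "WebServer", "published": True,
        "msPKI-Certificate-Name-Flag": 0x1, "msPKI-Enrollment-Flag": 0x0,
        "msPKI-RA-Signature": 0, "pKIExtendedKeyUsage": ["1.3.6.1.5.5.7.3.1"],
        "enroll": ["Domain Computers"], "write": ["Authenticated Users", "Domain Admins"],
    },
    {   # Same as VPNUser but manager approval is on: not silently exploitable.
        "cn": "ApprovedUser", "published": True,
        "msPKI-Certificate-Name-Flag": 0x1, "msPKI-Enrollment-Flag": 0x2,
        "msPKI-RA-Signature": 0, "pKIExtendedKeyUsage": ["1.3.6.1.5.5.7.3.2"],
        "enroll": ["Domain Users"], "write": ["Domain Admins"],
    },
    {   # Subject built from AD (bit 0 clear): not ESC1.
        "cn": "User", "published": True,
        "msPKI-Certificate-Name-Flag": 0xA6000000, "msPKI-Enrollment-Flag": 0x0,
        "msPKI-RA-Signature": 0, "pKIExtendedKeyUsage": ["1.3.6.1.5.5.7.3.2"],
        "enroll": ["Domain Users"], "write": ["Domain Admins"],
    },
]

if __name__ == "__main__":
    for name, hits in audit(SAMPLE_TEMPLATES).items():
        for code, principal in hits:
            print(f"{name}: {code} via {principal}")
```

The order of the ESC1 checks matters in practice: a template that passes every other test but requires manager approval or an RA signature is noisy rather than silent, which is why those two conditions short-circuit before the principal lookup.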