CovertAccessTeam @Covert_Access

The FBI just remotely accessed thousands of compromised routers inside the United States to remove malicious DNS settings allegedly planted by Russian GRU operators. Read here: covertaccessteam.substack.com/p/the-fbi-remo… | #CyberSecurity #ThreatIntel #DNS #APT28 #InfoSec #Russia #NetworkSecurity

Oh, the irony.. CISA — the agency responsible for telling everyone else how to secure their infrastructure — reportedly had internal cloud credentials, deployment files, Terraform configs, and plaintext passwords exposed in a public GitHub repository: covertaccessteam.substack.com/p/cisa-just-pu…

Most operators are comfortable when they have backup. Our SOLO course is about what happens when you don’t. When you’re operating alone, every mistake belongs to you. Next course: June 20-21, 2026 | Virtual | €1500 | 12-20 CEST Learn more: covertaccessteam.com/strategic-oper…

Attackers are now using Microsoft Teams chats to socially engineer employees into infecting their own systems with malware. This article breaks down: — how the fake IT support chats work — why Teams makes the attack feel legitimate & more Read here: covertaccessteam.substack.com/p/attackers-ar…

Most companies prepare for physical attacks as if someone's sneaking in a window at night. But the most dangerous attacker is often the one everyone assumes belongs. Let's break down why physical intrusions almost always evolve into insider threats: covertaccessteam.substack.com/p/the-insider-…

We want people to leave our courses able to immediately apply what they learned in the real world. One student in latest PACT course said: “I came away feeling much more confident and prepared.” Overall, students rated it a 9.6/10! Next course: covertaccessteam.com

John-André Bjørkhaug has been developing specialized physical pentesting equipment focused on real-world PACS attacks, RFID exploitation, tamper bypasses & Wiegand interception. This article takes a look at some of John’s equipment: covertaccessteam.substack.com/p/john-andre-b…

Most physical pentest training assumes you have a team. What if you’re running solo? Our SOLO course is built specifically for experienced black teamers who need to plan, execute, adapt & problem-solve entirely on their own in high-pressure environments: covertaccessteam.com/strategic-oper…

Federal prosecutors say a Chinese aerospace engineer spent years impersonating trusted U.S. researchers to obtain restricted NASA and military aerospace software. Not through malware. Not through zero-days. Through trust. Learn more: covertaccessteam.substack.com/p/chinese-engi… | #CyberSecurity

keyboard_arrow_left Previous keyboard_arrow_right Next

A local sports celebrity. A believable pretext. One social engineer inside a bank. Patrick Laverty breaks down how OSINT, authority, and human behavior mattered far more than “breaking in” on this Covert Access Team Podcast episode: covertaccessteam.substack.com/p/interview-wi…

🚨 Last chance to join this weekend’s Physical Audit Certification Training (PACT) course. We won’t have another PACT course until November, so now’s your chance. Learn professional physical security audit methodology from experienced practitioners: covertaccessteam.com/physical-audit…

Ana Montes spied for Cuban intelligence for nearly two decades while working as a senior DIA analyst. She allegedly avoided many traditional data exfiltration indicators by using one of the oldest methods in espionage: Memory. Full story: covertaccessteam.substack.com/p/could-you-sp…

Toronto Police just announced the first known SMS blaster case in Canada. According to investigators, the attackers used mobile rogue cellular infrastructure to force nearby phones onto fake networks & push phishing texts directly into victims’ devices: covertaccessteam.substack.com/p/toronto-poli…

Spend this weekend getting certified to perform physical security audits 💪 There’s still time to join this weekend’s PACT course covering physical security assessments, covert entry, social engineering & real-world audit methodology. Learn more: covertaccessteam.com/physical-audit…

Another Covert Access Team course wrapped up earlier this month. The office was warned about the engagement beforehand. The students still got in. Physical security work is about adaptation, not scripts. Course recap: covertaccessteam.substack.com/p/last-weeks-c… Enroll: covertaccessteam.com/covert-access-…

Brian sits down with Alex Cole, the creator of Fitted, a new physical security tool built around a problem every physical pen tester understands: finding repeatable ways to exploit real-world access control assumptions. Listen on Youtube: youtu.be/tENt9DesK9E?si…

Most new physical pentesters want to jump right into physical pentests. For beginners, that’s usually a mistake. That’s why we built the Physical Audit Certification Training. Audits help you learn the fundamentals. Join our next PACT course May 23-24: covertaccessteam.com/physical-audit…

Federal prosecutors say a crew in Michigan moved ~400 high-end vehicles worth around $40M through a coordinated theft and export pipeline. Local theft → staging lots → shipping containers → rail/freight → overseas. Read the full post: covertaccessteam.substack.com/p/gone-in-60-s…

🚨 Covert Access Team is offering free physical security penetration tests and audits to a limited number of European companies. 🚨 Interested? Email [email protected] to learn how your company can be considered. #CyberSecurity #PenTesting #PhysicalSecurity

Most teams waste recon time. Not because they’re lazy—but because they don’t know what “done” looks like. Let's break down how we structure recon across OSINT, long range, short range, and embedded—and what you should accomplish before moving closer: covertaccessteam.substack.com/p/recon-playbo…