
Rappelling Off a Roof - sciurus
http://redteams.net/blog/2013/rappelling-off-a-roof
======
redteamer
Throwaway here. A couple years back, we thought about hiring this guy for a
security assessment, so we looked into him.

He didn't check out. He appears to be lying about his military background in
Israel and has little in terms of information security skills. No
certifications. Nobody in the field knows him. He refuses to provide any proof
of his claims. His blog posts are vague ramblings without real substance.

He's what's known as a "charlatan" in attrition.org lingo. I'm not sure why he
hasn't been called out by Attrition yet, but he's probably flying below their
radar.

You can easily find his real name and do some Google and Archive.org searching
and see that none of his story or timelines check out. He did work in an
entry-level security position for a Waltham, MA company for a short time.

The best I can tell is that he's an EDC gear junkie with dreams of being a
spy.

PS: He is not affiliated with the fine people at GORUCK.

~~~
snowwrestler
It's obviously made up. Rappelling this way would not work and you would have
a good chance of killing yourself.

When rappelling with an ATC you lock the rope off, and control your speed, by
pulling the free end of the rope downward. Feeding your slack out of a
backpack you're wearing would force your hand upward as the slack came out and
the rope started to bind on that tiny hydration hose hole. If you're lucky the
whole system would lock up; if you're not lucky you'd lose control of the
rappel and fall.

For future reference the way to rappel with a rope is to stack it into the
pack, open the pack up nice and wide so the rope will feed freely, then clip
the pack to your harness with a sling so it hangs below you. Or use a rope
bucket, which is expressly designed for this purpose.

~~~
bofh69
I didn't read the blog post as a step by step instruction, more like some
commercial for the bag.

I've done quite a few rappels and sometimes keep my rope in my closed rope bag
on my back (with compression cords in place) if there is a large risk of the
rope getting entangled with the environment, I'm on a bridge over a road or
I'm on a cliff above salt water.

I use a french prusik on the rope below the ATC and pull the rope out of the
bag at the same time as I pull down the prusik. Often the rope gets slightly
stuck, a harder pull on the rope has freed it for me every time and I never
take care when putting the rope in the bag so I would think a proper packing
of the rope would decrease that risk a lot. Should the rope get really stuck I
would simply take off the bag and open it up while hanging in the harness. Not
a big deal at all.

~~~
snowwrestler
Have you tried clipping your bag below you, like on a sling off your harness?
It takes only a few seconds longer to set up that way, and the rope feeds
pretty easily because it's coming out in line with your brake hand. It's also
a bit more stable because the weight of the rope is on your harness instead of
above it (as when you're wearing the backpack).

------
vonmoltke
Problem #0: Security did not search his bag on entry, thus allowing him to
bring rappelling equipment to a software sales meeting.

Problem #4: Security has inadequate visitor monitoring procedures, thus
permitting a visitor who required escort to hide inside the building. No, I am
not confusing this with #3; his escorts not bringing him to the front desk or
whomever is (or should be) logging visitor arrivals to log his departure.

~~~
Crito
> _"Problem #0: Security did not search his bag on entry, thus allowing him
> to bring rappelling equipment to a software sales meeting."_

Realistically, what sort of security guard would actually stop him when they
found the climbing gear? Unless they receive some special training, they'd be
looking for weapons. The climbing gear would probably raise their eyebrows,
but could easily be explained away _("I'm going to my climbing gym later this
evening")_.

Relying on security guards to consider the possibility that their guest might
be planning on rappelling from the roof down into a secured floor doesn't seem
practical.

~~~
ecnahc515
Even that could be accounted for. If you have 'questionable' items, security
could ask that you leave them at the front desk, and you can pick them up on
your way out.

~~~
toomuchtodo
I'd deliver that gear to the roof by quadcopter the night before.

~~~
cobrabyte
Simple solution to a simple problem.

------
hadoukenio
I wonder how many people stopped half way and searched for "GORUCK GR1".

Now I wonder if I just read a cool blog post with product placement.

~~~
MrBuddyCasino
And let's not forget the Black Diamond ATC Guide and the Petzl Tibloc!

~~~
dmix
The blog has a whole section on 'gear' as well. Maybe it's the monetization
strategy?

~~~
kev009
Or simple "gear whoring". Working in lucrative tech can allow for expensive
toys, and the personality type of a tech pro as a tool maker/builder crosses
over to other hobbies/interests. See also
[http://www.militarymorons.com/](http://www.militarymorons.com/) which I
believe is primarily self funded.

------
pbhjpbhj
This reads as a fictional advert for a backpack.

~~~
jrwoodruff
Has to be.

 _the GR1 protected the laptop really well, by the time I was inside the 5th
floor it was pouring outside and the laptop and gear remained dry._

What does that have to do with anything? Don't know, don't care. Just sad that
this is the top post right now, complete with supporting commenters/marketers.

------
yathern
This is something of a dream job of mine. As a college student - does anyone
have suggestions of what steps to take to be able to do something like this
for a living? I have a small amount of experience with hacking (pen testing my
own sites for fun and learning) and I have a decent understanding of a wide
range of network security and vulnerabilities. But I don't have very much
knowledge on the physical side of pentesting. How would I gain this knowledge,
or is it something that you're expected to learn simply from experiences in
the field?

~~~
theoh
Caving is very technical and can involve a lot of rigging ropes for abseil and
prusiking (going up). It's not really a career, though, and you need to have
access to an area with the right geology for caves. Yorkshire is excellent.

Judging from the "professional" section of the Petzl website, being a
steeplejack, rescue crew or arborist (tree surgeon?) is the best way to get to
use this equipment and get paid for it.

~~~
brianmwaters_hn
I just got done with a three year "mini career" in industrial rope access,
where I got to work on-rope on wind turbine blades, in oil refineries, on the
sides of high-rise buildings, and even one job up in the rafters above a
professional football (American football) stadium. I'm now working towards a
first job in IT or app dev, so this article is right up my alley. Nice work ;)

If you're interested in a job working on-rope, and, uh, learning the ropes, I
suggest you take a look at rope access. It's a small niche industry, but pay
is very good, technicians are treated well, and many companies offer an
"alternative" work schedule/lifestyle where weeks of travel work are
interspersed with weeks of total off-time - and good technicians can sometimes
choose how much they want to work (or not work).

If anyone's interested, run a Google search for SPRAT and IRATA (those are our
professional certifying bodies), and look on those sites for companies in your
country. You'll have to take a week-long course (it's hard) and pass an exam
before you're allowed on a job site, but if you have the stuff you'll pass,
and most companies are hiring.

~~~
doorhammer
Interesting; I wish I'd known about this a few years back. Might have been a
better option than moving companies and gas stations.

But really, my friends and I used to do a lot of building climbing for kicks
when I was younger (probably four to five stories usually) and there was a
long period where that kind of job would have been way better while I learned
to code than the random crap jobs I ended up doing.

Looks really interesting though. Probably going to do some research into this.

Is the course integral to the job or is it the kind of thing where you pay for
the course/licensing/certification then go look for a job? Seems like it might
be interesting to look into just for the certification.

Of course... I have no idea what all this is like, so I might research for
five seconds and realize that's all stupid to ask.

~~~
brianmwaters_hn
There are a lot of companies that claim to do industrial rope access outside
the scope of the certification programs, but be skeptical of them at first.
(That doesn't include companies in other rope disciplines that are different
from rope access, like tree climbing and entertainment rigging. Those are
different trades. RA takes most of its methods from caving, and some from rock
climbing.) If you want to learn to do it right and have a good experience on
the job, "go legit." But that means you'll have to get certified. Unless you
have specific, in-demand skills (electrician, fiberglass technician, weld
inspector), few companies will pay for your first course - you'll just have to
pony up $1000+ on your own. However, once you get a job, they'll pay for your
re-certifications, as well as follow-up courses that you take as you get more
experience and climb up through the certification ranks.

~~~
doorhammer
Ohhh, yeah. Sorry. I reread what I said and realized I expressed myself really
poorly.

I'm interested in taking the course _without_ getting a job doing it, not the
other way around. I was wondering how much it was to take it on my own dime.

I should have said something like "I'm interested in the course; can you take
it and not get a job using it, or do you have to be on a job-track through a
company to even take the course?"

I used to be a pretty avid rock climber and I'd be really interested in
learning the techniques and types of equipment they use.

Reading my post, the climbing buildings part probably didn't reduce the
perception that I was trying to do something risky, either.

~~~
brianmwaters_hn
Well, yeah, you can just pony up the cash and take the class. Your experience
would be something like this:
[https://www.youtube.com/watch?v=xUDob3m6rds](https://www.youtube.com/watch?v=xUDob3m6rds)
- it's really technical, and really challenging. If you have the cash to
waste, and a week, it could be fun.

~~~
doorhammer
Yeah, I'll have to look into it. I assumed you could take the course, but I
didn't know if you'd need to be sponsored by a company or anything like that.

I don't know that I'd see it as a waste of money. I just like using my
vacation time and money to experience something completely different and new,
while learning new skills. Even if I'm not out doing something more
interesting and engaged, I'd just end up hiking around finding a place to hang
a hammock and read a book on coding or a technical paper.

My wife says my vacations aren't vacations because I never look like I'm
relaxing in the classic sense. I'm not kicking back on a beach with a pulpy
novel, usually (not that there's anything wrong with that). For me, a vacation
is a time to psychologically recharge, and I get that by engaging myself, but
on my own terms. Along with that, depending on how long the certification
lasts, it's not that bad to have a backup skill/cert in the wings.

I've also found that it's really valuable to get insight into what other
people do to make the world go round. Gives me a better respect and
understanding of things in general.

------
maqr
> After a week of recon I found out that the 4th and 5th floors are only
> accessible with a very specific card via the elevator. I didn’t have that
> card. Even if I get to the elevator I could not go to the 5th floor

See
[https://www.youtube.com/watch?v=ZUvGfuLlZus](https://www.youtube.com/watch?v=ZUvGfuLlZus)

~~~
icedog
Interesting that one of those presenters is named Howard Payne. Along with
Payne being an elevator company, Howard Payne is the name of the antagonist in
'Speed', who hacks an elevator...

~~~
Crito
I get the impression that that is not actually his name. ;)

I believe this is his twitter account:
[https://twitter.com/SgtHowardPayne](https://twitter.com/SgtHowardPayne)

~~~
icedog
Ahhh, that explains it. Thanks for the detective work.

------
jberryman
Is this a real thing, or is this whole site just sort of autistic ramblings of
a wannabe spy? I guess I'm inclined to believe the story only because it's not
particularly exciting as fiction.

------
dsjoerg
One part I didn't understand: if the rope is attached to a solid object on the
7th floor, how did s/he retrieve the rope once inside on the 5th floor?

~~~
jonah
Possibly either loop the rope and descend on both ends - once inside retrieve
by pulling on one end, alternately, use a knot that only holds under tension,
once inside, shake rope to release knot, finally, it could be fantasy and the
author didn't consider that detail.

~~~
steveax
A 70m rope (depending on the building) should manage 7 floors with a double
strand (only just, and you'd want to use some webbing to anchor to the edge).
The fact that he mentions a tibloc indicates he was rapping on a single strand
though as that device would not handle a double strand ascension. I doubt I'd
be comfortable anchoring to an AC unit though. Also, really, don't try this at
home. There are lots of non-obvious hazards here. For instance, climbing ropes
are incredibly strong and in practice, just don't break, unless, oh, say, they
are weighted over a sharp edge like the corner of a building. And no, do not
try the "shake the (insecure) knot free" technique, really. Rappelling is
(statistically) very dangerous as it is one of the few situations in climbing
where you are trusting your life to a single point of failure (redundancy is
good!) and is probably responsible for more deaths than climbing falls are [1].

[1]:
[http://publications.americanalpineclub.org/search/solr?all=R...](http://publications.americanalpineclub.org/search/solr?all=Rappelling)

~~~
jonah
Good points.

To add to your comment, he only descended two floors, 7th to 5th, so wouldn't
need nearly as much rope.

~~~
steveax
Yeah, but it'd be nice to be able to bail down to solid ground ;-)

------
pistle
This is like a deep ad for backpacks, right? Alpha Mac Infosec Warrior thing -
like if you love minimalism and jingoistic tech-spy novels, we've got the gear
for you?

I prefer that to the alternative - that someone is purring while looking at
OCD pocket dumps of watches, wallets, pocket knives, and patches.

------
mabbo
My job will never be as cool as this guy's job.

------
lordbusiness
Crikey! As an avid rock climber reading this, I'm terrified for the author's
safety. :-)

~~~
wingerlang
Well he did say "I have more than 15 years experience as an alpine and rock
climber, I am trained in high-altitude rescue and rope safety." at the bottom.

~~~
lordbusiness
Then promptly described a rig that no climber would use in their right mind.
:-)

------
kondor6c
GR1 is a nice backpack, I've got one and it is solid. A little heavy but a
nice bag.

~~~
nether
The BD Speed 30 would be more appropriate for this, and costs less than half
of the GR1.
[http://blackdiamondequipment.com/en/climbing-packs/speed-30-...](http://blackdiamondequipment.com/en/climbing-packs/speed-30-pack-BD681117SULFMD_1.html)

~~~
brianmwaters_hn
Shameless plug for Randy Rackliff's packs out of North Conway, NH (the company
is called Cold Cold World:
[http://www.coldcoldworldpacks.com/](http://www.coldcoldworldpacks.com/)).
They are hand-built, to custom order, in New Hampshire, weigh less than name
brand packs, are made of tougher material, AND will only run you about $125.

What's the secret? Simple construction, no bells and whistles and unnecessary
crap like water"proof"ing. Tougher, cheaper, lighter. Not made in China by a
giant corporation. The ultimate hacker pack!

------
jpdlla
Those GORUCK GR1 rucksacks are insane. They even have a "bombproof
compartment".

[http://www.goruck.com/en/GR1](http://www.goruck.com/en/GR1)

~~~
RankingMember
I kept looking for what exactly made it "bomb-proof" in the product
description, but saw no mention of any plating or kevlar or anything, so it
seems like a suspicious claim.

