An international company asked us to deliver a real "Red Teaming" activity by mimicking an attacker who was given only physical access to one of its branches, consisting of two different buildings. From there, we were asked to try to get complete control of the infrastructure.

We started by working on the legal part, which is the most critical one, especially in Italy, where laws are complex and there are multiple actors to consult (internal HR, labor unions, etc.) in order to understand what can be done and what should be avoided; unfortunately, every engagement is different and this part must be evaluated every time. To take care of every single aspect, we worked closely with two different teams of legal experts and lawyers, providing our customer with all the documentation and the contracts that allowed both us and them to safely deliver the activity.

Once this part was completed, we started preparing the technical side of the activity. Plenty of tools, both hardware and software, were bought, tested, tuned and then discarded or selected, based on how they performed in our labs. We also prepared a dedicated infrastructure to allow us to silently exfiltrate information and to control our RATs without putting the whole infrastructure at risk. A third step was the preparation of a "playbook", where everyone in the team acted as a different character and was aware of a "fake story" and plenty of pre-agreed answers to give to different people in different situations (e.g., how to answer security guards if we got caught).

Once ready, we started with a physical reconnaissance of the buildings and a fine-tuning of the various tools we had prepared, to best match the requirements of the activity. We then moved on to the most malicious activities, trying to become administrators of the whole infrastructure. Did we succeed? Join the talk and you will find out :-P