Amusingly, we did this at the Army Reconnaissance Course. I was in one of the last courses still based out of Fort Knox before the Armor School relocated to Benning and our capstone field event was basically a survivor pool where we split into teams starting at the perimeter of the installation and gradually move inward surveilling all of the facilities while the school staff tries to find us. Whoever is the last to get caught wins.

The MPs and US Mint Police were, of course, told we were doing this so they wouldn't shoot us. I do recall an incident from a bit more than a decade back, I think at Fort Bragg, where a soldier going through the special forces Q Course was shot by a police officer.

Must be a slow news day. I head this for a firm, and half expected this to be a piece on some good war stories.

Years ago I was one of those grumpy-looking guys with a rifle standing next to those "USE OF DEADLY FORCE AUTHORIZED" signs, or directed the responses of said grumpy-looking guys.

This is all anecdotal and will vary wildly by org and era. So if you were to compare, say, a NATO WSA during the Cold War against a modern colocation facility that occasionally trots out crew-served weapons for marketing photoshoots...while both are secure facilities featuring some degree of lethal response capability, these will have very different liability profiles and rules of engagement. But in both cases there will need to be procedures in place for evaluating on-duty armed guards in a manner that doesn't get anyone hurt.

For routine training during shifts, a training exercise is openly declared. This can be done ahead of time, or an evaluator may do so by surprise - it all depends on what procedures and scenarios are being evaluated. Once the evaluator/actor is detected or challenged by guards (or some other threshold is passed during a scenario), an exercise is declared out loud. Normally, this will happen before anyone in that scenario might reasonably need to use force.

Upon exercise declaration this is accompanied by a quick "safety briefing" over the radio to response forces with routine reminders on what to do if an unsafe act occurs, so guard forces know to appropriately pretend (shout "bang", blink flashlight, etc) instead of actually firing upon intruders. There's a degree of make-believe roleplay once the exercise is active, since discharging duty weapons in real life comes with mountains of paperwork that I don't want to think about even decades later. Of course, less harmful forms of force may still be permissible (and expected!), such as various restraint techniques or handcuffing/zip-tying resistant bad guys.

For any competent org, this sort of training happens constantly and with enough variation to keep everyone on their toes. The role of "bad guy" is rotated between different guards, so everyone has a chance to attempt breaking in to various restricted areas and enjoy tasting the various flavors of pavement around base as we tackle each other. An exercise of one type can snowball into another, if I manage to catch some unsuspecting lazy troop unawares and "kill" them (usually with a "Surprise! This is an exercise, you're dead, do not answer your radio."), then while they're tagged out (and chewed on by their sergeants about situational awareness), a quick response force is scrambled from available troops on shift to stop us. By this point everyone on shift will know the situation has escalated from a failed pentest into a nasty wargame and should act accordingly.

Bear in mind that these sorts of live exercises are meant to evaluate procedures and test readiness in situ - the forces involved may suddenly be interrupted by real-world duties and time constraints. Live force-on-force training conducted with blanks, MILES gear, airsoft or whatever less-lethal weapons they have these days would be during designated training time and not on shift.

It sounds like the journalist didn't know what Confluence is and thought it was a term of art for any generic intranet.

edit: to those saying the word makes sense without referring to the Atlassian product, I'm not buying it. The journalist put it in quote marks, which to me suggests he thought it was a term of art — if he instead meant it metaphorically, I don't think he would have phrased it like that. It's also just an odd word to use to describe the idea.

The dictionary meaning of "confluence", namely an aggregation or coming together of disparate sources of stuff (information, in this case) into a single place, makes perfect sense here. And searching for places that lots of information gathers seems like a sensible approach to me. The fact that one product happens to have the same name didn't even cross my mind.

Confluence literally means the junction of two rivers, genericized it's where two or more things join or occur together ("a confluence of events"), so it could be either. But naming Confluence (the web application) is very specific, not everyone uses it.

To "conflate" is when two or more things are merged into one.

In tech we usually assume "confluence" means the Atlassian product, not "a merging of several items".

Confluence, n.: a collection of semirandom characters emitted by employees trying to look busy, interned in a series of secure silos, with stringent access controls, to hide the evidence.

This is what happens when people 'sanitize' their writing with an AI. It doesn't often understand trademarks or context, so we get stuff like this.

I imagine the real human written sentence was "Trying to get admin access via a Confluence exploit," which there are many and an app that IT groups take their time updating.

in the last section of the article it says that they have a guy on the inside who gives the order not to shoot

What is terrifying is the US 'justice' system. It is set up to get people locked up, whoever the Sheriff wants locked up. What a tragic story about a supposedly civilised country.

A more accurate modern depiction would probably be incredibly boring, at least the actual physical part, because it's mostly people tailgating, walking into the nearest empty office, and plugging a small box into the network port.

The irrational conspiracy part of my brain thinks Greg is probably undercover MI6.

Given they're supposed to show up at top-secret bases and find a way in, they probably don't want their real names and photos to be a Google search away for blue teams to recognize on sight.

There is probably an elite practitioner space for this managed and staffed by people with a career focus in cat burglary or whatever, but for the most part if you want to do physical pentesting the straightforward career path in is to become an information security consultant --- which will mean sharpening up your non-physical skills, because most of the demand is non-physical.

Its probably not even that sexy just waiting for someone to hold the door behind them. At my workplace we are told in our HR material not to hold doors open for anyone but guess what everyone does...

Depends on how you define stop working I guess? An E-Stop would count in some definitions.

It's probably quite easy...

well, for one, it's conducive to an interesting discussion