A crack team assembles and breaks into a top-secret military base or corporate headquarters - you've probably seen it a dozen times in movies or on TV.

But such teams exist in the real world and can be hired to test the most stringent security.

Many companies test computer systems by trying to hack into them remotely. This is called white hat hacking.

But skills involving breaching physical security, known as "red teaming," are rare.

Companies that offer red teaming services must recruit employees with very specific skills.

Red teams often use former military and intelligence personnel who are asked a question.

"How could you break into this top-secret project?"

Major defense company Leonardo provides such a service.

The company says adversarial states seeking disruption and chaos are a real threat and sells its red team capabilities to government, critical infrastructure and defense sector customers.

Its red team agreed to be interviewed by the BBC under a pseudonym.

Team leader Greg had served in the engineering and intelligence branches of the British Army, studying the digital capabilities of potential enemies.

“I spent ten years learning how to exploit enemy communications,” he said of his background.

Now he coordinates the five-person team.

The goal of the attack is to gain access. The goal might be to prevent the operation of a process, such as the core of a nuclear power plant.

Greg and his team's first step is called passive reconnaissance.

The team uses an anonymous device, possibly a smartphone that can only be identified by its SIM card, to build a picture of the target.

"We have to avoid arousing suspicion so the target doesn't know we're watching them," Gregg said.

Any technology they use is not tied to a business through an internet address but is purchased with cash.

Charlie has worked in military intelligence for 12 years, and his skills include studying commercial satellite imagery of a location and scanning job ads to find out the type of people working there.

"We start at the edge of the target, away from the target. Then we start moving into the target area and even look at the attire of the people who work there."

This is called hostile reconnaissance. They are approaching the scene but keeping their visibility low, wearing different clothes each time they show up, and swapping team members so security doesn't spot the same person walking through the door.

Technology is designed by people, and the human factor is the weakest link in any security setup. That's where Emma, ​​who served in the RAF, comes in.

Emma, ​​who has a background in psychology, happily describes herself as a "bit of a nosy people-watcher."

"People are taking shortcuts to get around security protocols. So we're looking for disgruntled individuals on site."

She listens to conversations in nearby cafes and bars to get a sense of where the dissatisfaction with her employer lies.

"Every organization has its quirks. We understand how likely people are to receive suspicious emails due to workload and fatigue."

An unhappy security guard may become lazy at work. “We are looking at access, such as delivery.”

High turnover rates as evidenced by frequently posted job vacancies also indicate dissatisfaction and lack of engagement with safety responsibilities. Another technique is tailgating, which involves spotting people who might open access doors for followers.

Using this intelligence, along with a bit of guile, security passes can be replicated and a red team can impersonate employees to gain access to the premises.

Once on site, Dan knows how to open doors, filing cabinets, and desk drawers. He is equipped with a lockpick key known as a shaker, which has various contours and can pop open locks.

He's looking for written passwords, or he'll use a plug-in smart USB adapter to simulate a computer keyboard and break into the network.

The last step of the so-called killing chain is in Stanley's hands.

As a cybersecurity expert, Stanley knows how to penetrate the most secure computer systems and works based on reconnaissance reports from his colleagues.

"In the movies, it only takes a few seconds for a hacker to break into a system, but that's not the case in reality."

He prefers his "escalation method," which involves working through the system with administrator access and searching for "fusions," collections of information shared in one place, such as a workplace intranet.

He can roam files and data with administrator access. One way the kill chain could be ended would be for Stanley to send an email impersonating the CEO of the business via an internal, and therefore trustworthy, network.

Although their operations were approved by their target customers, they broke into the site as complete strangers. How does it feel?

"If you have access to the server room, it can be very nerve-wracking, but the more you have access, it gets easier," Dan said.

Someone at the target location knows what happened. "We stay in contact with them so they can issue instructions 'Don't shoot these people,'" Charlie added.