“Rule 1: Cardio” (and 9 other rules to keep intruders out)

Presented at DerbyCon 1.0 (2011), Oct. 1, 2011, 10 a.m. (50 minutes).

No one likes to be made a fool of. But it’s doubly embarrassing if you help in the process. Physical pen tests tend to expose, sometimes in painful detail, just how low a priority is placed on preventing the entry of a new and unwanted organic endpoint (like me, Tom Cruise, the cast of Sneakers or a real bad guy) into one’s environment.

Put another way, most organizations are content to sit behind their chain link fences, their electronic doors and their low-paid security guards while blithely unaware of bad guys scripting out attack vectors. Sadly, these vectors are not really novel, or new, or even especially difficult. In fact, the ‘Top 10′ items in this presentation will seem like common sense, but when sewn together, create a virtual Red Carpet for a savvy pentester.

This presentation is not meant to be uber-techie but presents some social engineering and physical pentesting exploits that anyone responsible for securing people, places and things should familiarize themselves with. You will be given real-life examples from ethical hacking engagements as well as tips to help you close those avenues of attack.


Presenters:

  • Joe Schorr
    Joe Schorr has over 16 years professional services and industry experience in Information Technology and Information Security. He currently manages the InfoSec Practice for CBI. Previously he led the BT Ethical Hacking team on an 11,000 hour PCI Compliance test for a large telco, once led a 100-day project that delivered secure internet access to every public school in Tennessee and was also the CIO of a major non-profit for several years. He has performed many social engineering and physical security assessments over the years and has presented on a range of topics including online child safety, wireless security and security awareness. He also enjoys the works of Hemingway, boats, fishing, guns, rum drinks and napping. But not all at once… mostly.