Let The Right One In

Presented at Kernelcon 2020 Virtual, March 27, 2020, 3:45 p.m. (60 minutes)

Charles Dickens is quoted as saying, 'A very little key will open a very heavy door.' Physical penetration testing is often overlooked when it comes time for a company's annual security assessment. Oftentimes, physical is left out for even a full-scope Red Team exercise. I've heard all of the reasons (excuses) why: 'we have guards,' 'we have locks,' 'card reader access,' 'we know it's an issue, just not a priority,' or 'it seems like cheating,' and the list goes on. I am here to discuss why Physical Penetration Testing/Physical Red Teaming is not only beneficial, but also crucial to a company's security well-being. I will review what physical red teaming is, how physical red teaming differs from traditional physical penetration tests, some of the tactics used in bypassing physical security controls, how closely tied physical security is to the overall posture and effectiveness of security training programs and policies, and will give several scenarios in which a physical intrusion opened several more doors (pun intended) during Red Team excursions.


Presenters:

  • David Boyd - TrustedSec
    David Boyd (@fir3d0g) is a Security Consultant with TrustedSec. He is a Christian, husband, and father who also enjoys geek culture, video games, and Mountain Dew. He has worked with a variety of environments including education, military, retail, government, media, law firms, and hospitals, always learning something from each one along the way. He also once found Waldo and Carmen Sandiego.
