Security Guards -- LOL!

Presented at NolaCon 2017, May 20, 2017, 2 p.m. (Unknown duration)

During onsite “black box” penetration assessments, it is quite common that you will encounter a security guard, especially when forced to enter via a lobby or other single point of entry. For situations where guards are unavoidable, we will share several war stories and social engineering techniques that have helped us turn these potential issues into successful engagements. During this presentation you will hear real-world stories from various Red Team assessments that we’ve performed. These assessments will be broken down to discuss the various social engineering and physical security bypass methods and tools used. We will also provide our recommendations for remediation and provide the audience the opportunity to ask questions. 3 things you will learn from this session: – Hear real world scenarios used during red team, physical and social engineering assessments. – What techniques we use vs. security guards and tenacious employees. – What tools we use such as forging fake badges and documents, physical entry/bypass tools and social engineering/manipulation techniques for successful assessments.

Presenters:

• Tim Roberts / byt3boy   as Tim Roberts
  Tim is a Sr. Security Consultant within NTT Security’s Threat Services group. He has spoken at national, international and collegiate security conferences, including ISSA International, DEF CON, DerbyCon, various B-Sides, CircleCityCon, Techno Security Con, SaintCon, Appalachian Institute of Digital Evidence at Marshall University and more. He has been interviewed on the subject of “White hat hacking” for Microsoft’s “Roadtrip Nation” television series, was featured on IDG Enterprise’s CSO Online publication by Ryan Francis on social engineering and is a regular contributor to NTT Security’s #WarStoryWednesday blog series. Tim has held management, IT and physical security roles across multiple industries, including healthcare and government. His professional experiences cover traditional/non-traditional hacking techniques that include network, wireless, social engineering, application, physical and scenario-based compromises. These techniques have led to highly successful Red Team assessments against corporate environments. By continuing to share these experiences, he hopes to further contribute to the InfoSec community.
• Brent White / B1TK1LL3R   as Brent White
  Brent is an Sr. Security Consultant at NTT Security. He is the founder of the Nashville DEF CON group (DC615) and is the Global Coordinator for the DEF CON conference Groups program. He has held the role of Web/Project Manager and IT Security Director at the headquarters of a global franchise company as well as Web Manager and information security positions for television personalities on The Travel Channel. He has also been interviewed on the popular web series, Hak5‚ with Darren Kitchen, BBC News, and Microsoft‚ Roadtrip Nation show. Brent has also spoken at numerous security conferences including DEF CON, DerbyCon and ISSA International. Twitter: @brentwdesign

Links:

• https://nolacon.com/talk/security-guards-lol
• https://infocon.org/cons/NolaCon/NolaCon 2017/Security Guards LOL Brent White Tim Roberts.mp4
• https://infocon.org/cons/NolaCon/NolaCon 2017/Security Guards LOL Brent White Tim Roberts.srt (subtitles)

Similar Presentations:

• DerbyCon 8.0 Evolution (2018) / Breaking Into Your Building: A Hackers Guide to Unauthorized Access
• Wild West Hackin' Fest 2019 / Breaking Into Your Building - A Hacker's Guide to Unauthorized Physical Access
• NolaCon 2019 / Breaking Into Your Building: A Hacker's Guide to Unauthorized Physical Access