Social Engineering, Physical Security & USB Attacks

Presented at RVAsec 2019, May 22, 2019, 3 p.m. (50 minutes)

You may think that USB drops are a thing of the past but that’s certainly not the case. Sometimes breaching a target with a massive defense budget is as simple as a $10 USB dropped at the right location. In this talk I’ll share how an organization could start their own USB drop assessment by detailing the history, common research, tools of the trade, tactics, and mindset of a potential attacker.

Presenters:

• Brad Thornton - ICSynergy
  I’m currently a Senior Penetration Tester with a consultant firm. I participate in multiple CTF events, belong to several security focused organizations, and attend numerous conferences on the subject. Historically, I’ve served in various roles in relation to privilege identity and access management. I’ve built out some of the world’s largest implementations of privileged identity access systems, predominantly in shared access and multi-factor authentications.

Links:

• https://rvasec2019.sched.com/event/OAxk/social-engineering-physical-security-usb-attacks

Similar Presentations:

• BalCCon2k22 - Loading (2022) / USB - How does it even work?
• Black Hat USA 2014 / BadUSB - On Accessories that Turn Evil
• ToorCon San Diego TwentyOne (2019) / Hacking Even More USB with USB-Tools