The Human Pentest

Presented at BSides Austin 2018, March 8, 2018, 1:30 p.m. (60 minutes)

The mantra of any good red teamer is, "hope for the best, but plan for the worst." In this talk, we will cover tactics and approaches that can be leveraged to achieve client goals and provide value, even when having to operate within tight logistical constraints. Various stories will be used to provide examples of merging social engineering with physical and logical access during physical red team assessments to ultimately achieve success. The talk will follow a network pentest theme to help bridge the gap between logical and physical pentesters and also provide examples of how these two types of skills can complement each other, especially in more physically locked down environments. We will start off with covering the planning process for three different scenarios: brute force, insider attack, and planned attack. Next, we will review "needed" vs. "would be nice to have" tools (for achieving both physical and logical access as well as persistence) and the prep work once a methodology has been agreed upon with the client. We will then go into tips on what a red teamer should know and do while conducting the assessment such as identifying cameras, sweeping the office before sitting at a computer and preparing hiding areas for nighttime patrols. The talk will also cover more in-depth tactics such as tips for achieving logical access as well as what to focus on once you obtain domain administrator or other high-level privileges within the network. Finally, we will cover worst-case-scenarios and tips for moving forward with an assessment when nearly all hope of reaching the final objective is lost.

Presenters:

• Summer Lee
  Summer Lee (crazian) is part of the Threat & Attack Simulation (TAS) team for GuidePoint Security. She started using social engineer tactics at a very young age which led her to have a special interest in physical Red Team engagements. Crazian is an Army veteran who has been active in the Austin infosec community since 2014 including AHA, Longhorn Lockpicking, OWASP Austin Chapter, and ATX2600. She is also a mentor for the RRISD CyberPatriots and various CCDC competitions. Crazian spends her late nights on Hack the Box. When she's not talking infosec, she can be found playing tabletop and video games.

Links:

• https://bsidesaustin2018.sched.com/event/DuGM/the-human-pentest

Similar Presentations:

• DerbyCon 9.0 Finish Line (2019) / Getting the most out of your covert physical security assessment - A Client’s Guide
• THOTCON 0x9 (2018) / Inside The Wire: Network Attacks Against Physical Access Controls
• NolaCon 2018 / Skills For A Red-Teamer