Modern criminals don't hack computers, they hack people. Emulating modern techniques requires modern tooling. This talk takes you on a journey from being an outsider to full domain compromise of a modern corporate network, with a focus on identifying and leveraging human targets at each step along the escalation path, all using freely available open source tools.
The central focus of this talk is the re-release of a tool called Rolodex, and how it can be used in various Red Team and Penetration Testing engagements. Rolodex is a tool for managing information about people during an engagement, from that very first LinkedIn search, all the way to that final DCSync, tracking information about the human attack surface can be instrumental to success.