No one likes to be made a fool of. But it’s doubly embarrassing if you help in the process. Physical pen tests tend to expose, sometimes in painful detail, just how low a priority is placed on preventing the entry of a new and unwanted organic endpoint (like me, Tom Cruise, the cast of Sneakers or a real bad guy) into one’s environment. Put another way, most organizations are content to sit behind their chain link fences, their electronic doors and their low-paid security guards while blithely unaware of bad guys scripting out attack vectors. Sadly, these vectors are not really novel, or new, or even especially difficult. In fact, the ‘Top 10' items in this presentation will seem like common sense, but when sewn together, create a virtual Red Carpet for a savvy pentester. This presentation is not meant to be uber-techie but presents some social engineering and physical pentesting exploits that anyone responsible for securing people, places and things should familiarize themselves with. You will be given real-life examples from ethical hacking engagements as well as tips to help you close those avenues of attack.

Back to Derbycon 2011 video list