A Logo

Feel free to include my content in your page via my
RSS feed

Help Irongeek.com pay for
bandwidth and research equipment:

Search Irongeek.com:

Affiliates:
Irongeek Button
Social-engineer-training Button

Help Irongeek.com pay for bandwidth and research equipment:

paypalpixle


 Going past the wire: Leveraging Social Engineering in physical security assessments - "Snow" Stephanie Carruthers NolaCon 2017 (Hacking Illustrated Series InfoSec Tutorial Videos)

Going past the wire: Leveraging Social Engineering in physical security assessments
"Snow" Stephanie Carruthers
@_sn0ww

Many organizations have started understanding the value they can get with a physical security assessment. However, after having one performed, they are left with a network penetration test report. Unfortunately, many consulting firms don't know how to go past the wire and evaluate the physical security of an organization including their employees. During this talk, Stephanie will discuss the methodology she utilizes at Snowfensive when performing a physical security assessment. This methodology will cover everything from OSINT and on-site reconnaissance, crafting pretexts, multiple attack vectors, and tips and tricks.

Stephanie Carruthers is a social engineering professional. After winning a black badge at DEF CON 22 for the Social Engineering Capture The Flag, Stephanie started Snowfensive in 2014, a small boutique consultancy that provides social engineering focused services such as phishing, vishing, physical security assessments, penetration testing and red team exercises. Stephanie specializes in Open-Source Intelligence (OSINT) gathering and uses these findings to create highly effective custom pretexts for all her engagements. In her free time, she enjoys going to theme parks and playing table top games.

Recorded at NolaCon 2017

Back to NolaCon 2017 video list

Printable version of this article

15 most recent posts on Irongeek.com:


If you would like to republish one of the articles from this site on your webpage or print journal please contact IronGeek.

Copyright 2016, IronGeek
Louisville / Kentuckiana Information Security Enthusiast