Many organizations have started understanding the value they can get with a physical security assessment. However, after having one performed, they are left with a network penetration test report. Unfortunately, many consulting firms don't know how to go past the wire and evaluate the physical security of an organization including their employees. During this talk, Stephanie will discuss the methodology she utilizes at Snowfensive when performing a physical security assessment. This methodology will cover everything from OSINT and on-site reconnaissance, crafting pretexts, multiple attack vectors, and tips and tricks.

Stephanie Carruthers is a social engineering professional. After winning a black badge at DEF CON 22 for the Social Engineering Capture The Flag, Stephanie started Snowfensive in 2014, a small boutique consultancy that provides social engineering focused services such as phishing, vishing, physical security assessments, penetration testing and red team exercises. Stephanie specializes in Open-Source Intelligence (OSINT) gathering and uses these findings to create highly effective custom pretexts for all her engagements. In her free time, she enjoys going to theme parks and playing table top games.

Recorded at NolaCon 2017