During onsite ?black box? penetration assessments, it is quite common that you will encounter a security guard, especially when forced to enter via a lobby or other single point of entry. For situations where guards are unavoidable, we will share several war stories and social engineering techniques that have helped us turn these potential issues into successful engagements. During this presentation you will hear real-world stories from various Red Team assessments that we?ve performed. These assessments will be broken down to discuss the various social engineering and physical security bypass methods and tools used. We will also provide our recommendations for remediation and provide the audience the opportunity to ask questions. 3 things you will learn from this session:
- Hear real world scenarios used during red team, physical and social engineering assessments.
- What techniques we use vs. security guards and tenacious employees.
- What tools we use such as forging fake badges and documents, physical entry/bypass tools
and social engineering/manipulation techniques for successful assessments.

Tim and Brent are Sr. Security Consultants within NTT Security?s Threat Services team and have spoken at internationally recognized conferences including DefCon, DerbyCon, ISSA International, and more. By sharing their experiences, they hope to continue to contribute to the InfoSec community. Tim has held management, IT and physical security roles across multiple industries, including healthcare and government, contributes to NTT Security?s ?#WarStoryWednesday' series, and has been featured in CSO on the subject of onsite social engineering. Brent has held IT roles including Security Director of a global franchise, as well as InfoSec positions for TV personalities. He?s also been interviewed on the popular web series, ?Hak5? with Darren Kitchen. Both have been interviewed on the topic of hacking for Microsoft?s ?Roadtrip Nation? TV series.

Recorded at NolaCon 2017