One Week Left to Get an 11" iPad Pro with Apple Pencil w/ OnDemand Training


To attend this webcast, login to your SANS Account or create your Account.

This webcast has been archived. To view the webcast login into your SANS Portal Account or create an account by clicking the "Get Registered" button on the right. Once you register, you can download the presentation slides below.

Going Past the Wire: Leveraging Social Engineering in Physical Security Assessments

  • Wednesday, March 15, 2017 at 11:00 AM EST (2017-03-15 15:00:00 UTC)
  • Stephanie Carruthers

You can now attend the webcast using your mobile device!



Many organizations have started understanding the value they can get with a physical security assessment. However, after having one performed, they are left with a network penetration test report. Unfortunately, many consulting firms do not know how to go past the wire and evaluate the physical security of an organization including their employees. During this talk, Stephanie will discuss the methodology she utilizes at Snowfensive when performing a physical security assessment. This method covers everything from OSINT and on-site reconnaissance, crafting pretexts, multiple attack vectors, and tips and tricks.

This talk has been designed for both red and blue team members. For red team members, they will be able to take away ideas and attack vectors to provide a more valuable service for their clients. Blue team members will be able to take away a better understanding of what a physical security assessment is, what should be included in the scope and ideas of what they could look for internally to secure before having an outside firm conduct an assessment. This talk is designed to appeal to multiple skill levels ranging from junior to manager.

Speaker Bio

Stephanie Carruthers

Stephanie Carruthers is a social engineering professional. After winning a black badge at DEF CON 22 for the Social Engineering Capture The Flag, Stephanie started Snow Offensive Security in 2014, a small boutique consultancy that provides social engineering focused services such as phishing, vishing, physical security assessments. Stephanie specializes in Open Source Intelligence (OSINT) gathering and uses these findings to create highly effective custom pretexts for all her engagements. In her free time, she enjoys going to theme parks and playing table top games.

Need Help? Visit our FAQ page or email

Not able to attend a SANS webcast? All Webcasts are archived so you may view and listen at a time convenient to your schedule. View our webcast archive and access webcast recordings/PDF slides.