The Most Comprehensive DFIR Event of the Year: SANS DFIRCON! Save $200 thru 10/3.


To attend this webcast, login to your SANS Account or create your Account.

Going Past the Wire: Leveraging Social Engineering in Physical Security Assessments

  • Wednesday, March 15th, 2017 at 11:00 AM EST (15:00:00 UTC)
  • Stephanie Carruthers
This webcast has been archived. You can view the webcast presentation and download the slides by logging into your SANS Portal Account or creating an Account. Click the Register Now button after you have logged in to view the Webcast.

You can now attend the webcast using your mobile device!


Many organizations have started understanding the value they can get with a physical security assessment. However, after having one performed, they are left with a network penetration test report. Unfortunately, many consulting firms do not know how to go past the wire and evaluate the physical security of an organization including their employees. During this talk, Stephanie will discuss the methodology she utilizes at Snowfensive when performing a physical security assessment. This method covers everything from OSINT and on-site reconnaissance, crafting pretexts, multiple attack vectors, and tips and tricks.

This talk has been designed for both red and blue team members. For red team members, they will be able to take away ideas and attack vectors to provide a more valuable service for their clients. Blue team members will be able to take away a better understanding of what a physical security assessment is, what should be included in the scope and ideas of what they could look for internally to secure before having an outside firm conduct an assessment. This talk is designed to appeal to multiple skill levels ranging from junior to manager.

Speaker Bio

Stephanie Carruthers

Stephanie Carruthers is a social engineering professional. After winning a black badge at DEF CON 22 for the Social Engineering Capture The Flag, Stephanie started Snow Offensive Security in 2014, a small boutique consultancy that provides social engineering focused services such as phishing, vishing, physical security assessments. Stephanie specializes in Open Source Intelligence (OSINT) gathering and uses these findings to create highly effective custom pretexts for all her engagements. In her free time, she enjoys going to theme parks and playing table top games.

Need Help? Visit our FAQ page or email

Not able to attend a SANS webcast? All Webcasts are archived so you may view and listen at a time convenient to your schedule. View our webcast archive and access webcast recordings/PDF slides.