Many organizations have started understanding the value they can get with a physical security assessment. However, after having one performed, they are left with a network penetration test report. Unfortunately, many consulting firms do not know how to go past the wire and evaluate the physical security of an organization including their employees. During this talk, Stephanie will discuss the methodology she utilizes at Snowfensive when performing a physical security assessment. This method covers everything from OSINT and on-site reconnaissance, crafting pretexts, multiple attack vectors, and tips and tricks.
This talk has been designed for both red and blue team members. For red team members, they will be able to take away ideas and attack vectors to provide a more valuable service for their clients. Blue team members will be able to take away a better understanding of what a physical security assessment is, what should be included in the scope and ideas of what they could look for internally to secure before having an outside firm conduct an assessment. This talk is designed to appeal to multiple skill levels ranging from junior to manager.