Security Guards -- LOL! - (BSides Nashville 2017) (Hacking Illustrated Series InfoSec Tutorial Videos)
Security Guards -- LOL!

Brent White

BSides Nashville 2017
http://bsidesnash.org

During onsite "black box" penetration assessments, it is quite common that you will encounter a security guard, especially when forced to enter via a lobby or other single point of entry. For situations where guards are unavoidable, we will share several war stories and social engineering techniques that have helped us turn these potential issues into successful engagements. During this presentation you will hear real-world stories from various Red Team assessments that we've performed. These assessments will be broken down to discuss the various social engineering and physical security bypass methods and tools used. We will also provide our recommendations for remediation and provide the audience the opportunity to ask questions. 3 things you will learn from this session: - Hear real world scenarios used during red team, physical and social engineering assessments. - What techniques we use vs. security guards and tenacious employees. - What tools we use such as forging fake badges and documents, physical entry/bypass tools and social engineering/manipulation techniques for successful assessments.

Brent is an Sr. Security Consultant within NTT Security, is the founding member of the Nashville Def Con group (DC615), and is also a supervisor for the Def Con conference "Groups" program. He has held the role of Web/Project Manager and IT Security Director at the headquarters of a global franchise company as well as Web Manager and information security positions for multiple television personalities and television shows on The Travel Channel. He has also been interviewed on the popular web series, "Hak5" with Darren Kitchen, BBC News, and on Microsoft's "Roadtrip Nation" television series. His experience includes Internal/External Penetration, Wireless, Application and Physical Security assessments, Social Engineering, and more. Brent has also spoken at numerous security conferences, including ISSA International, DEF CON, DerbyCon, SaintCon, PhreakNic, SkyDogCon, NolaCon, B-Sides Nashville, B-Sides Charleston, Techno Security Con, TakeDownCon and Appalachian Institute of Digital Evidence (AIDE) conference at Marshall University, and more. Tim is a Sr. Security Consultant within NTT Security''s Threat Services group. He has spoken at national, international and collegiate security conferences, including ISSA International, DEF CON, DerbyCon, various B-Sides, CircleCityCon, Techno Security Con, SaintCon, Appalachian Institute of Digital Evidence at Marshall University and more. He has been interviewed on the subject of "White hat hacking" for Microsoft's "Roadtrip Nation" television series, was featured on IDG Enterprise's CSO Online publication by Ryan Francis on social engineering and is a regular contributor to NTT Security's #WarStoryWednesday blog series. Tim has held management, IT and physical security roles across multiple industries, including healthcare and government. His professional experiences cover traditional/non-traditional hacking techniques that include network, wireless, social engineering, application, physical and scenario-based compromises. These techniques have led to highly successful Red Team assessments against corporate environments. By continuing to share these experiences, he hopes to further contribute to the InfoSec community.

Back to BSides Nashville 2017 list



If you would like to republish one of the articles from this site on your webpage or print journal please contact IronGeek.

Copyright 2020, IronGeek