This session will discuss conducing physical penetration tests in environments that have some level of security protections. A general framework of social engineering, physical intrusions and practical reviews will be proposed. We will explore how to bypass hard physical security controls, how to conduct comprehensive physical security assessments and how to implement more effective physical defenses.
This talk goes beyond obvious physical security vulnerabilities such as following smokers into a building or asking people to hold doors open for you. In social engineering and physical assessments we often run into environments where significant thought has been put into the security of a site. Explore the common mistakes and bypasses in these implementations and ways to more effectively assess an organization’s physical security.