Whenever an attacker decides to attempt to compromise an organization they have a few options. They can try to send phishing emails, attempt to break in through an externally facing system, or if those two fail, an attacker may have to resort to attacks that require physical access. Having the right tools in the toolkit can determine whether a physical attacker is successful or not. In this talk we will discuss a number of different physical devices that should be in every physical pentester's go-bag.
Stealing credentials from a locked computer, getting command and control access out of a network, installing your own unauthorized devices, and cloning access badges are some of the topics we will highlight. We will demo these devices from our own personal go-bags live. Specific use cases for each of the various devices will be discussed including build lists for some custom hardware devices.
Derek is a Senior Security Analyst at Black Hills Information Security and has over 20 years of experience in the IT industry as a systems administrator for multiple operating system platforms, and monitoring and defending those systems from potential intruders. He has worked in the aerospace, defense, banking, manufacturing, and software development industries. Derek has experience with creating custom host and network based monitoring solutions.
Beau is a Senior Security Analyst at Black Hills Information Security and has held positions in the financial and health industries and has experience with all aspects of enterprise network security including penetration testing, vulnerability analysis, data loss prevention, wireless security, firewall management, and employee security training. Beau is a Hack Naked TV host, and frequent speaker at industry events.