Zlata Pavlova & Rob CurtinSeufert – “Recon Done Right – Physical Edition”
Have you ever walked through a swamp at 3 am? Have you driven around blocks trying to mark what cars are located in the parking lot? Have you sat in the reeds taking pictures of cameras and doors? Have you spent so much time doing OSINT that your eyes cross? If you answered yes to at least 2 of these questions – you must be a physical Penetration Tester. In this talk, we will share tips and tricks of our tradecraft with you. We discuss our preparation, mindset, load-out, and execution methods that work for us. We will do a deep dive into the three most important aspects for us: preparation, reconnaissance, and planning. We will cover our 5 phase approach to a physical penetration test (Digital Recon (OSINT), Physical Recon, Analysis and Planning, Breach and Site Exploitation), when and where social engineering should be used and why, and how to plan and be prepared for unseen circumstances by accounting for multiple unique variables. With our methodology, if the Recon, Analysis, and Planning are done correctly the breach and Site Exploitation should be less than 10 percent of the work. Come join us as we discuss how and why this is and learn from our mistakes and our successes.