Best of GSX 2019 - Lessons Learned by Purposefully Hacking Physical Security
What's the best way to uncover vulnerabilities? Think like the enemy. Exercises designed to break your security can expose your vulnerabilities... before an adversary does. This Best of GSX package includes 3 sessions exploring how beating the system can improve your security.
This package includes:
We Sneak in to High-Security Buildings and Get Paid for It
Physical security penetration testing (pen test or red team) work is often misunderstood. A review of real-life stories of past pen test engagements highlights the techniques used, challenges faced, skills required, and all that goes into a proper physical pen test. The question is not, Why should a pen test be done? Rather, the question is, How should a pen test be done properly? Join in a dialogue featuring actual stories from your friendly neighborhood physical security hackers.
Cyber Attack on a Commercial Building
Whether it's a commercial building, mall, hospital, government complex, or any other physical structure, a building's infrastructure and its systems are legitimate targets for cyber or combined cyber and physical attacks. In early 2019, cyber and physical security professionals designed and executed an attack against a Class A commercial building. The result was concrete evidence of the real risks and vulnerabilities that result from this type of attack. Discuss the management and technical actions that can be taken to reduce these risks.
Leveraging the Attacker Mentality Through Red-teaming
Notable case studies of espionage, crime, and activism show that serial attackers have a unique mindset. They maintain a singular focus on their mission, employ non-linear thinking and backward design, are extremely patient, and willingly use any means necessary (multiple vectors, multiple domains) to accomplish their goal. Enterprise security risk managers can effectively leverage these perspectives through red-teaming. The goals of the exercises are to identify assets within the organization that are of value to others, learn how an attacker will plan and conduct an attack, and identify attack vectors that exist in places they never imagined. Case studies show how victimized organizations would have benefited from leveraging the attacker perspective through red-teaming.