Kernelcon 2020

This is a virtual event.

Security Consultant David Boyd will be virtually presenting at Kernelcon this year on Friday (March 27) at 3:45 p.m.

Talk: Let The Right One In (60 minutes)

Charles Dickens is quoted as saying, ‘A very little key will open a very heavy door.’ Physical penetration testing is often overlooked when it comes time for a company’s annual security assessment. Oftentimes, physical is left out for even a full-scope Red Team exercise. I’ve heard all of the reasons (excuses) why: ‘we have guards,’ ‘we have locks,’ ‘card reader access,’ ‘we know it’s an issue, just not a priority,’ or ‘it seems like cheating,’ and the list goes on. I am here to discuss why Physical Penetration Testing/Physical Red Teaming is not only beneficial, but also crucial to a company’s security well-being. I will review what physical red teaming is, how physical red teaming differs from traditional physical penetration tests, some of the tactics used in bypassing physical security controls, how closely tied physical security is to the overall posture and effectiveness of security training programs and policies, and will give several scenarios in which a physical intrusion opened several more doors (pun intended) during Red Team excursions.