Let's Get Physical: Stories From Behind Your Company's Gate

Recordings

http://youtu.be/57Wndc1DRfU

View Recording

Slides

/files/slides/001-09_XFZLKA_let-s-get-physical-stories-from-behind-your-company-s-gate.pdf

View Slides

Abstract

In this light-hearted session led by experienced red teamers, participants will explore the intricate world of physical security breaches in corporate settings. The presentation will focus on practical techniques like caller-ID spoofing, social engineering, and rogue device deployment, alongside undetected infiltration and objective attainment. Through engaging narratives, including a night-time operation in a European high-security facility, the speakers will demonstrate how to navigate high-pressure scenarios. The talk aims to provide a clear understanding of physical breach dynamics, potential challenges, and their impact, empowering attendees with insights into the art of physical intrusion.

Moritz Thomas

Moritz developed an interest in hacking computer programs & video games during his Bachelor’s computer science studies and soon acquired a distinguished set of skills in binary reverse-engineering. A few years later, he wrote his Master’s thesis about conceptualizing and implementing a modular proxy for IoT appliances at NVISO. Right after his studies, he decided to join NVISO and embark on a journey into (mostly) offensive IT security.

Today, he is a senior IT security consultant and red teamer at NVISO ARES (Adversarial Risk Emulation & Simulation) where he coordinates and participates in research & development efforts. When he isn’t infiltrating networks or exfiltrating data, he is typically knees deep in research and development, working on new techniques and tools in red teaming.

With more than 15 years of experience in programming, 5 years in binary reverse-engineering and three years in professional offensive IT security assessments, he feels like he is just getting started!

 

Firat Acar

Firat is a senior red teamer within NVISO. His specialties include the whole red team attack cycle, mainly the internal network and Active Directory part, as well as physically breaching company defenses.