BSides Austin 2018

The mantra of any good red teamer is, “hope for the best, but plan for the worst.” In this talk, we will cover tactics and approaches that can be leveraged to achieve client goals and provide value, even when having to operate within tight logistical constraints. Various stories will be used to provide examples of merging social engineering with physical and logical access during physical red team assessments to ultimately achieve success.

The talk will follow a network pentest theme to help bridge the gap between logical and physical pentesters and also provide examples of how these two types of skills can complement each other, especially in more physically locked down environments.

We will start off with covering the planning process for three different scenarios: brute force, insider attack, and planned attack. Next, we will review “needed” vs. “would be nice to have” tools (for achieving both physical and logical access as well as persistence) and the prep work once a methodology has been agreed upon with the client.

We will then go into tips on what a red teamer should know and do while conducting the assessment such as identifying cameras, sweeping the office before sitting at a computer and preparing hiding areas for nighttime patrols. The talk will also cover more in-depth tactics such as tips for achieving logical access as well as what to focus on once you obtain domain administrator or other high-level privileges within the network. Finally, we will cover worst-case-scenarios and tips for moving forward with an assessment when nearly all hope of reaching the final objective is lost.