10-30, 09:00–09:50 (Canada/Eastern), Track 1
Language: English
You work hard to defend against internet based threats but how prepared are you when the attacker is on the literal doorstep? This session will provide a better understanding of the onsite attack surface and some of the more common, practical attack techniques that can result in a difficult to detect network compromise. Attendees will gain a better understanding of the role of Information Security as it pertains to Physical Security and be better equipped to identify gaps in their defenses before they are exploited.
Title/Bio Slides - Indicating the presentation an providing brief professional background
Talk Topic Slide - Discussing the issue presented, listing areas that will be covered, setting framework for the audience.
Perimeters - Discuss the onsite perimeter types and the difference between attacker and defender understanding of perimeters
-Wireless Perimeters
-Physical Perimeters
-Social Engineering Perimeters
Risk - Discuss the attacker's approach to risk in relation to executing onsite attacks.
Attacks - Cover the attacks available against the different perimeters
-Wireless Client
-Wireless Infrastructure
-Other wireless devices
-Bypassing Physical Controls
-Defeating Physical Controls
-In-person Social Engineering
Hybrid Attacks - Leveraging multiple tools and techniques to execute a complete attack.
Remediation - Suggestions, warnings of common pitfalls and a call to action.
Q&A/Exit Slides
Majority of the time is spent on the different attacks, followed by understanding the onsite attacker mindset
Chris Carlis is an unrepentant penetration tester with an extensive background in network, wireless and physical testing. Across his career, Chris has worked to expand the value offensive testing provided via open communication and goal driven engagements. These experiences lead Chris to co-found Dolos Group with a focus on Red/Purple Teaming, security education and training. Additionally, Chris has presented at a variety of conferences, including Thotcon, Hushcon, Hackfest, FS-ISAC, and various B-Side events. He is a perennial volunteer at the Thotcon conference in his native Chicago and helps to organize multiple Chicagoland “BurbSec” information security monthly gatherings.