How to Secure Your Facility

An Attacker’s Perspective

TRAVIS WEATHERS

Optiv Security

BOLO

Ralph May

AGENDA

THINK LIKE AN ATTACKER

how do we attack

 

What we do

  • Recon
    • Remote
    • On Site
  • Threat Profiling
  • Attack the easiest target 
  • Post Exploitation / Primary Goal

 

 

What we don't do

  • Drive through the front door
  • Hurt people / Active Shooter
  • Destroy Property
  • Property Theft 

 

attacker mindset

 

  • Goal oriented (securing your facility will require looking at everything)
  • Low Hanging Fruit
  • Social Engineering
  • Get in Get out

 

 

  • There is a budget; not all tech is in the budget
  • Not everything is a good value
  • Only you can decide what you want to protect
  • Human life should be top of the list

 

warning

recon

Types of Recon

Badge Exposure

Geospatial (Google Maps)

Street View

GRG (Gridded Reference Graphic)

badge Recon Remote

Search the following:

  • Company name
  • Address
  • Hashtags
  • Tagged section
  • Analyze who follows / comments / shares posts

badge Recon ONSITE

Go Looking for Badges:

  • Go to local lunch spots
  • Watch as people leave the facility
  • Do recon; no need to confront people

GEOSPATIAL RECON

Google Maps

Bing Maps

ArcGIS

street view

 

Attack Paths

  • Ingress/Egress Points
  • Potential chokepoints (for badge cloning)
  • Structure floor plan
  • Trash receptacle placement?

 

SURVEILLANCE

Types of SURVEILLANCE

Camera

PHYSICAL ACCESS CONTROL (PACS)

human

signal

camera

 

Types

  • PTZs
  • Static
  • Varifocal / Optical Zoom
  • License Plate / Speciality

 

 

Object Recognition / AI

  • Vehicle 
  • Human
  • Face
  • People Counting

 

 

Monitoring / Posture

  • Active 
  • Passive
  • AI Detection

 

camera Tracking

camera Face

pacs

 

RFID Systems

  • Log Badge Entry
  • Log Badge Exit (where applicable)
  • Log Invalid Badge Reads (take action)
  • Tie Badge Reads to Cameras
  • Keep Audit Logs

 

human

 

  • Roaming Guards
  • Active Monitoring
  • Suspicious Activity Reports (Employee)

 

SIGNAL

 

Bluetooth

  • Track known Bluetooth devices
  • Some systems can tie this to an employee

Wireless

  • Track known BSSID
  • Tie to company workstations

 

FACILITY HARDENING

Types of hardening

Camera

PACS (PHYSICAL ACCESS CONTROL)

human

signal

POLICY

CaMERA

 

Hardening

  • Placement - Out of reach
  • Outdoor rating
  • Redundant systems
    • power
    • recording
  • Backups

 

RFID

 

  • Well lit area w/ 24x7 camera coverage
  • Non-cloneable technology (Elite Keys)
  • Card Control
  • Outdoor rating
  • Redundant power system
  • Backups
  • Multi-factor (e.g., Card & Pin Code)
  • Biometrics
  • Disable unused technology on multiClass readers
  • Security screws w/epoxy
  • OSDP

 

Doors

 

  • Exterior doors should be well lit and have at least one camera
  • Mechanical locks:
    • should be high-security
    • no air gaps around the frame
    • protected by latch guards  
  • Interior doors (sensitive office space):
    • Use ADA handles with a smooth fall-off / taper
    • Camera coverage, lights, and/or overhead mirrors
    • Minimal air-gap / latch guard if applicable
  • Anti-piggybacking sensors on employee only / sensitive areas
  • Badge access required for each floor

 

GUARDS

 

  • Consistent staffing: Make best efforts to retain proven/effective guard staff 
  • Quarterly Training & Assessments: Incident response war games
  • Roaming Patrols: Should be at random, not at specific times
  • Reactive / Proactive Posture: Determine what can be logged and what requires immediate attention
  • Video Monitoring & Access Control Monitoring: Recommend active monitoring in cases where personal harm is of concern
  • Guards should guard; they should not also serve as receptionists

 

Network

 

  • Lock down ethernet ports
  • Wireless encryption
  • Wireless authentication
  • Secure workstations
  • Added security for servers
  • Implement additional security measures
  • Isolate security controls, PACS, and cameras

 

Policy

 

  • Create a physical security policy
    • Guard posturing & response
    • Employee responsibilities 
    • Business risk acceptability 
  • Assess the policy
    • Guard: Assess readiness for incident response
    • Employee: Conduct human focused security assessments (e.g., SE and tailgating)
    • Business: Goal focused threat emulation assessment, annually at a minimum
  • Create a list of risks / issues and prioritize remediation and investment 
  • Amend the policy 
  • Reassess to gauge effectiveness

 

DETECTION

getting alerts

 

cameras

  • Offline
  • Face Match
  • After-hours Activity 
  • Trip wires
  • License Plates

 

 

PACS

  • Bad badge reads
  • Unusual activity (Late hour access)
  • Offline Badge Reader
  • Impossible Badge Read
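
The PACS alerts listed above (bad badge reads, late-hour access, impossible badge reads) can be derived from the badge entry logs the RFID Systems slide says to keep. This is an added example, not part of the original slides: the log layout, reader names, thresholds and business hours are assumptions, and the events are constructed. Offline-reader alerting needs reader heartbeat data and is not shown.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample events: (timestamp, badge_id, reader, result). Not real PACS output.
EVENTS = [
    ("2024-04-10 08:02:11", "1001", "HQ-LOBBY", "GRANTED"),
    ("2024-04-10 08:05:40", "1001", "WAREHOUSE-DOCK", "GRANTED"),  # other building, 3 min later
    ("2024-04-10 09:15:00", "0000", "HQ-SERVER-ROOM", "DENIED"),
    ("2024-04-10 09:15:20", "0000", "HQ-SERVER-ROOM", "DENIED"),
    ("2024-04-10 09:15:45", "0000", "HQ-SERVER-ROOM", "DENIED"),
    ("2024-04-11 02:30:00", "1002", "HQ-LOBBY", "GRANTED"),        # late-hour access
    ("2024-04-11 12:00:00", "1003", "HQ-LOBBY", "GRANTED"),        # normal
]
# Assumed site data: building per reader, and minimum travel time between buildings.
SITE = {"HQ-LOBBY": "HQ", "HQ-SERVER-ROOM": "HQ", "WAREHOUSE-DOCK": "WAREHOUSE"}
MIN_TRAVEL = timedelta(minutes=20)
BUSINESS_HOURS = range(6, 20)                              # 06:00-19:59 local (assumed)
DENIED_LIMIT, DENIED_WINDOW = 3, timedelta(minutes=5)      # assumed thresholds

def detect(events):
    """Return (alert_type, subject, timestamp) tuples in time order."""
    alerts = []
    last_granted = {}             # badge -> (time, reader) of last granted read
    denied = defaultdict(list)    # reader -> recent denied-read times
    for ts, badge, reader, result in sorted(events):
        t = datetime.strptime(ts, "%Y-%m-%d %H:%M:%S")
        if result == "DENIED":
            # Sliding window of invalid reads per reader; alert once at the limit.
            recent = [d for d in denied[reader] if t - d <= DENIED_WINDOW] + [t]
            denied[reader] = recent
            if len(recent) == DENIED_LIMIT:
                alerts.append(("BAD_BADGE_READS", reader, ts))
            continue
        if t.hour not in BUSINESS_HOURS:
            alerts.append(("AFTER_HOURS", badge, ts))
        prev = last_granted.get(badge)
        # Same badge granted in two buildings faster than a person can travel.
        if prev and SITE[prev[1]] != SITE[reader] and t - prev[0] < MIN_TRAVEL:
            alerts.append(("IMPOSSIBLE_READ", badge, ts))
        last_granted[badge] = (t, reader)
    return alerts

if __name__ == "__main__":
    for alert in detect(EVENTS):
        print(alert)
```

Each alert carries a timestamp so it can be tied back to camera footage for the same reader, as the "Tie Badge Reads to Cameras" item recommends.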

 

 

human

  • Suspicious Activity Reports 

 

response

response planning

 

  • Create a physical security response plan
    • What are you going to do
    • Who are you going to notify
    • How will you contain the incident 

 

SHAMELESS PLUG...

Three Days / Tampa, FL

- Pre-sales & Authorization

- Remote Reconnaissance

- Digital Surveillance

- Surreptitious Entry Tactics

- Badge Cloning & Replication

- Post-Exploitation

- Live Facility Breach Exercise

 

Upcoming Dates (2024):

 

July 17 - 19

October 16 - 18

PRIVATE TRAINING AVAILABLE

Tooling Available

RAFFLE

PRIZE

  • 1 x seat in a future Practical Physical Exploitation Course (travel and expenses not included)
  • 1 x Under the Door Tool from the PhysicalExploit.com store
  • 1 x PPE REX Sensor Bypass Gun

Your Mission

To earn your raffle ticket for the Practical Physical Exploitation giveaway, you must recover Thomas L33t's access code and enter it in the ticket staging box at the Black Hills Information Security booth before 6 PM on April 12, 2024. However, if you enter the access code wrong three times, the doors lock forever.

Questions

How to Secure Your Facility

By mwgroup

Venture into the mindset of an adversary to fortify your facility against physical breaches. This presentation distills essential strategies from the in-depth Practical Physical Exploitation course, tailored to those responsible for safeguarding assets. Participants will uncover the difficulties of securing a site through the lens of red team professionals. Delve into the art of employing defensive controls, conducting thorough reconnaissance for weak points, deploying surveillance to deter and detect threats, profiling potential threats effectively, and reinforcing access control to resist unauthorized entry. This session provides an arsenal of proactive measures and a critical evaluation of common vulnerabilities, arming you with the knowledge to transform your facility into a high-security facility.