Team Introduction and Campus Group Discussion
Quick recap. The team introduced themselves, discussed their backgrounds in cloud security, and shared their experiences in physical security assessments using social engineering tactics. Lastly, they explored the responsible use of hardware exploits, the value of learning through practical experimentation, and planned for future sessions.
Team Introduction and Campus Group Discussion
Shawn shared his plans to edit and distribute the meeting's transcript, while Valerie discussed her new cat's behavior. The team also introduced themselves, with newcomer Enock sharing his role in the Campus Group. Shawn welcomed everyone to the group, emphasizing its openness to any questions. The team also discussed the possibility of an Easter egg contest at Black Hat.
Cloud Security Expert Networking
Shawn introduced the participants of the meeting, including Ravi, a cloud security expert from North Carolina; Mrinal, a cybersecurity professional from Boston; Bartek, a salesperson from Frankfurt with a passion for security; and Romuald, a service desk worker from Asia. Shawn also welcomed Valerie, a pen tester with extensive experience in cloud security. The group discussed their backgrounds and interests, with a common goal of staying updated in the field of cloud security. Shawn emphasized the value of networking and encouraged participants to connect on LinkedIn.
Physical Security Assessments and Social Engineering Tactics
Valerie, a cloud security consultant, shared her team's experiences in conducting physical security assessments using social engineering tactics. She detailed their recent assessment of two branches of a company, where they posed as potential renters to gain access to the buildings. She also discussed the challenges they faced while using long-range RFID tools, such as the Proxmark 3, and how they successfully cloned a card using Kevin's method. She contrasted these early methods with the current, more streamlined options available. Finally, she mentioned their strategy to gain access to a secure building using RFID cards and a PIN, and how they left a warning message for the building's security team.
Valerie and Shawn's Secret Book Incident
Valerie and Shawn discussed a past incident where they both got into trouble due to a shared secret involving a book gifted by Kevin to the team, which contained their actual passwords. Valerie shared her background in legal criminalism, revealing that she swindled her first book, "The Order Deception," before realizing its potential as a tool for social engineering. She also shared her experiences with hardware hacking and her favorite sites, including a converted AT&T Longline site from the Cold War. Valerie also agreed to help Brandon with several questions he had.
Attack Surface Monitoring and Security Challenges
Brandon initiated a discussion about common errors in attack surface monitoring, with Valerie providing insights on the challenges and misunderstandings between physical security and IT security. Valerie highlighted the potential for ransomware situations and the need for better understanding and communication between these two areas. The team also discussed the issue of naming conventions in DNS, with Valerie suggesting that this could be a potential entry point for attackers. Mischa questioned the frequency of environments that were secure enough to prevent unauthorized access, to which Valerie responded that such environments often had strict limitations and testing procedures in place.
Effective Communication and Collaboration in Challenges
She discussed the challenges she faced, particularly the need to communicate effectively with both security and development teams to ensure the issues were addressed without causing defensiveness or emotional hijacking. Michael emphasized the importance of emotional intelligence and communication in these situations. Valerie agreed, highlighting that creating a collaborative environment was crucial for success. The conversation then shifted to Mischa, who had a question for Valerie.
Responsible Use of Hardware Exploits Discussion
Mischa, Valerie, and Shawn discussed the responsible use of hardware exploits, with a focus on the Flipper and RFID technologies. Valerie shared her experience and emphasized the importance of understanding the underlying technology and potential risks. The group also discussed the value of learning through practical experimentation and the availability of further classes from Red Team Alliance. Future sessions were planned, with Shawn encouraging participants to suggest speakers or topics. Valerie agreed to attend the next session to see if Shawn had acquired a "Mr. Rogers Cardigan" as suggested.