WWHF @ Mile High 2025

This presentation will explore the strategic use of social engineering in penetration testing, focusing on gaining covert access to a client's server room. I will outline how to perform reconnaissance, gather intelligence on company structure, employee behavior, and security vulnerabilities. Attendees will learn effective social engineering tactics such as pretexting, tailgating, baiting, and phishing, all designed to manipulate human behavior and bypass physical security.

I will cover the importance of crafting a believable pretext, from creating fake work orders to using props like ID badges and uniforms, and demonstrate techniques for gaining access to restricted areas like server rooms, and later on how to navigate the target environment, avoid detection, and plant a symbolic flag.

Finally, the session will discuss post-engagement reporting, vulnerabilities identified, and recommendations for strengthening defenses against social engineering attacks.

This talk emphasizes the ethical considerations and the need for careful planning, confidence, and adaptability throughout the operation.