NCC Group Open Forum

• What we'll do
Join us for an evening of appetizers, drinks, and talks about physical security!

---

SPEAKER: Chris Kuethe, Security Engineer at Box
PRESO TITLE: Lessons learned while migrating access control systems
PRESO SUMMARY: In late 2015 Box moved from Los Altos to Redwood city. We all spent a couple of weeks working from home (or commuting to the SF office) while movers fork-lifted our old building into the new digs. This talk highlights some of the things we learned in the process: bulk data import/export/command capabilities are critical to any modern system, as are well-documented APIs. Develop cross-functional relationships between your PhySec and IT/SecEng teams to allow you to built custom tools and functionality without being subject to vendor lock-in.
SPEAKER BIO: Former public sector sysadmin goes into private industry seeking fame, fortune, and 0-day lulz. Chris's other interests include Software Defined Radio, Microcontrollers, and Barbecue.

---

SPEAKER: Daniel "unicornFurnace" Crowley, Research Baron at IBM X-Force Red
PRESO TITLE: Electronic Physical Access Control Systems: Advantages and Disadvantages
PRESO SUMMARY: Physical access control is nothing new. In the last decade, however, many organizations have moved to managing physical access control using electronics on varying levels from computerized video surveillance and physical intrusion detection systems to networked electromechanical door locks and visitor management systems. This talk will explore the advantages and disadvantages of using computerized, networked physical access control solutions and discuss what attacks (some theoretical, and some proven) against these systems mean for those who rely on them.
SPEAKER BIO: Daniel is a penetration tester, ethical hacker, breaker of things, or however else you'd like to put it. Daniel denies all allegations regarding unicorn smuggling and questions your character for even suggesting it. Daniel is the primary author of both the Magical Code Injection Rainbow, a configurable vulnerability testbed, and FeatherDuster, an automated cryptanalysis tool. Daniel enjoys climbing large rocks and is TIME magazine's 2006 person of the year. Daniel has been working in the information security industry since 2004 and is a frequent speaker at conferences including BlackHat, DEF CON, Shmoocon, and SOURCE. Daniel does his own charcuterie and brews his own beer. Daniel's work has been included in books and college courses. Daniel also holds the noble title of Baron in the micronation of Sealand.

---

SPEAKER: Shawn Pearcy, Associate Security Consultant at NCC Group
PRESO TITLE: Physical Security; Tooling Around
PRESO SUMMARY: This talk will cover the various types of physical pentest tools for different use cases (mostly bypass tools) and various ways to make or improvise your own.
SPEAKER BIO: Shawn Pearcy is an Associate Security Consultant with NCC Group, a global information security firm specializing in application, network, and mobile security. Beginning with telecommunication support in the US Army followed by a technical support role, Shawn was exposed to the importance of security, leading him to focus on info sec. Shawn then completed a Bachelor of Science in Applied Sociology with a Computer Science minor at Texas State University, (with a focus on deviance, crime, and computer security) while working in the Information Security office (where he performed vulnerability analysis, penetration testing, and incident response; including conducting forensics for the University Police). Prior to NCC Group, Shawn worked as an Application Security Analyst with Trustwave Spiderlabs, while completing a Master of Arts in Sociology. • What to bring
Yourself and any security minded people you know who would like to get involved in the Austin infosec scene!

• Important to know
Closest Parking Lot is at Trinity & E 7th Street