I have spent 10 years in this industry performing pentests, adversarial emulation, physical security assessments, social engineering and more. I have seen some things, and I have done some things.
In this presentation I will share examples of some of the wildest things I have encountered; embarassingly bad security at large organizations, shockingly good security at small organizations, and crazy lengths I have had to do to 'get in and get the crown jewels'.
The stories are real, but the names are changed to protect those involved. You'll laugh, you'll groan, you'll shake your head in disbelief. I'm not dropping 0-days, or new tools. Just sharing some of the craziest experiences I have had as a 'professional'.
