Social Engineering for Physical Pentesting Assignments
Dorota Kozlowska
NorthSec 2025 · Day 1 · Ville-Marie
Dorota Kozlowska walks through a complete social-engineering-driven physical penetration test, from OSINT reconnaissance to gaining covert access to a client's server room. She maps the four phases (reconnaissance, engagement, exploitation, and execution) onto real-world techniques: pretexting, tailgating, elicitation, and prop construction. The talk is a practical primer for security practitioners who need to understand how human manipulation sits at the center of the most consequential physical breaches.
AI review
Dorota Kozlowska (BHIS) delivers a structured introduction to social-engineering-driven physical penetration testing: the four-phase methodology (recon, engagement, exploitation, execution), pretexting and prop construction, tailgating as a social-norm exploit, elicitation technique, and the OSINT foundation. The talk is illustrated with real-world examples, including the MGM Resorts vishing breach.