Dorota Kozlowska

Penetration Tester

Dorota Kozlowska Penetration Tester, Black Hills Information Security

Experienced cybersecurity professional with a background in Penetration Testing across Web, API, Network, and Mobile platforms, coupled with 7 years as a versatile Test Engineer & QA. Known for independently identifying and exploiting vulnerabilities to fortify organizational security, and backed by 8 years of Project Management expertise.

Skilled in simulating real-world attacks, conducting comprehensive security assessments, and providing actionable insights to enhance defenses. Certified in Covert Access, Physical Audit, and Elicitation Toolbox from the Covert Access Team, with demonstrated proficiency in physical penetration testing and security audits. Actively pursuing advanced Red Teaming training, dedicating personal time to mastering adversarial tactics, techniques, and procedures (TTPs). Eager to combine my Penetration Testing knowledge, physical security capabilities, and evolving Red Teaming skills to contribute to a team focused on proactive threat emulation and defense enhancement.

Recognized for a strong investigative mindset, meticulous attention to detail, and exceptional communication skills, ensuring assignments are completed with confidence and precision. Praised by colleagues as 'the glue that holds the team together,' I bring kindness and support to every endeavor.

Additionally, a published author of cybersecurity and offensive security articles, featured in HVCK and Top Cyber News Magazine. Creator of the preface to the upcoming book, "INTRODUCTION TO RED OPERATIONS 2.0 - A Basic Guide for Your Red Team Operations," authored by Joas A. Santos, and a technical reviewer for the upcoming "Hacking Mainframes: Dispelling the Myth of the Impenetrable Fortress" book authored by Kevin Milne.

Honored with the Cyber Woman Hope Award by CEFCYS and recognized among the "40 under 40" in Cybersecurity 2023 by Top Cyber News Magazine. As a keynote speaker, I've presented at FIC EUROPE 2023 and 2024, WGU 2024, BSIDES Kraków 2024, DEFCON Warsaw Meetup dc4822 2024, Virtual CON 2023, and The Hack Summit 2023.

I am an avid cyclist, archer, and guitar player.


Talk: Social Engineering for Physical Pentesting Assignments

Talks will be streamed on YouTube and Twitch for free.


Abstract: Social Engineering for Physical Pentesting Assignments

This presentation will explore the strategic use of social engineering in penetration testing, focusing on gaining covert access to a client's server room. I will outline how to perform reconnaissance, gather intelligence on company structure, employee behavior, and security vulnerabilities. Attendees will learn effective social engineering tactics such as pretexting, tailgating, baiting, and phishing, all designed to manipulate human behavior and bypass physical security.

I will cover the importance of crafting a believable pretext, from creating fake work orders to using props like ID badges and uniforms, and demonstrate techniques for gaining access to restricted areas like server rooms, and later on how to navigate the target environment, avoid detection, and plant a symbolic flag.

Finally, the session will discuss post-engagement reporting, vulnerabilities identified, and recommendations for strengthening defenses against social engineering attacks. This talk emphasizes the ethical considerations and the need for careful planning, confidence, and adaptability throughout the operation.