{"code":"3GKCFS","speakers":[{"code":"JYSE3Z","name":"Darius Beckert","biography":"I’m a caffeine-powered Red Teamer @ slashsec specializing in tearing apart Active Directory, conducting physical reconnaissance, and talking my way into places I shouldn't be. If I'm not dumping your credentials, I'm probably casing your facility or cloning your badge.","avatar":"http://cfp.bsidesvienna.at/media/avatars/2025-09-22_13-58-45_DWVC0sj.png"}],"title":"Your Firewall Won’t Save You From a Crowbar: Introducing the PACT Framework","submission_type":{"en":"Short Talk"},"track":{"en":"Dachsaal (Track 2 - 190 pax)"},"state":"confirmed","abstract":"For years, the cybersecurity community has worshiped at the altar of the MITRE ATT&CK® framework to track digital adversary behaviors. We spend millions hardening the cloud, fine-tuning EDRs, and chasing zero-days, yet we consistently forget one glaring reality: an adversary can just walk through the front door with a high-vis vest and a clipboard. \r\nEnter PACT (Physical Access & Control Taxonomy). Built to bridge the grand canyon between meatspace and cyberspace, PACT is an open-source, community-driven framework that translates physical tactics, techniques, and procedures (TTPs) into a structured matrix that mirrors the MITRE ATT&CK format.","description":"We spend millions hardening the cloud, fine-tuning EDRs, and chasing zero-days, yet we consistently forget one glaring reality: an adversary can just walk through the front door with a high-vis vest and a clipboard. For years, the cybersecurity community has worshiped at the altar of the MITRE ATT&CK® framework to track digital adversary behaviors. Meanwhile, physical security has remained trapped in a legacy bubble of \"locks, blocks, and glocks,\" utilizing entirely different risk languages.\r\n\r\nWhen a threat actor breaks into a facility to deploy a network implant, is it a cyber attack or a physical breach? It's both-and our current defense matrices fail to map this convergence.\r\n\r\nEnter PACT (Physical Access & Control Taxonomy). Built to bridge the grand canyon between meatspace and cyberspace, PACT is an open-source, community-driven framework that translates physical tactics, techniques, and procedures (TTPs) into a structured matrix that mirrors the MITRE ATT&CK format. This talk will rip off the band-aid of siloed security, break down the anatomy of the PACT matrix, and demonstrate how Red and Blue teams can finally use a single, unified language to hunt threats across both the digital and physical realms.","duration":20,"slot_count":1,"do_not_record":false,"is_featured":false,"content_locale":"en","slot":{"room":{"en":"Dachsaal (Track 2 )"},"start":"2026-06-27T11:45:00+02:00","end":"2026-06-27T12:05:00+02:00"},"image":null,"resources":[]}