06-27, 11:45–12:05 (Europe/Vienna), Dachsaal (Track 2 )
For years, the cybersecurity community has worshiped at the altar of the MITRE ATT&CK® framework to track digital adversary behaviors. We spend millions hardening the cloud, fine-tuning EDRs, and chasing zero-days, yet we consistently forget one glaring reality: an adversary can just walk through the front door with a high-vis vest and a clipboard.
Enter PACT (Physical Access & Control Taxonomy). Built to bridge the grand canyon between meatspace and cyberspace, PACT is an open-source, community-driven framework that translates physical tactics, techniques, and procedures (TTPs) into a structured matrix that mirrors the MITRE ATT&CK format.
We spend millions hardening the cloud, fine-tuning EDRs, and chasing zero-days, yet we consistently forget one glaring reality: an adversary can just walk through the front door with a high-vis vest and a clipboard. For years, the cybersecurity community has worshiped at the altar of the MITRE ATT&CK® framework to track digital adversary behaviors. Meanwhile, physical security has remained trapped in a legacy bubble of "locks, blocks, and glocks," utilizing entirely different risk languages.
When a threat actor breaks into a facility to deploy a network implant, is it a cyber attack or a physical breach? It's both-and our current defense matrices fail to map this convergence.
Enter PACT (Physical Access & Control Taxonomy). Built to bridge the grand canyon between meatspace and cyberspace, PACT is an open-source, community-driven framework that translates physical tactics, techniques, and procedures (TTPs) into a structured matrix that mirrors the MITRE ATT&CK format. This talk will rip off the band-aid of siloed security, break down the anatomy of the PACT matrix, and demonstrate how Red and Blue teams can finally use a single, unified language to hunt threats across both the digital and physical realms.
I’m a caffeine-powered Red Teamer @ slashsec specializing in tearing apart Active Directory, conducting physical reconnaissance, and talking my way into places I shouldn't be. If I'm not dumping your credentials, I'm probably casing your facility or cloning your badge.