Dorota Kozlowska
Woman in Red, Penetration Tester and Social Engineering Specialist at Black Hills Information Security
So-called Woman in Red, Offensive security specialist, Keynote speaker, Podcaster.
Certified in Covert Access, Physical Auditing, and Elicitation, with proven expertise in physical penetration testing and security audits. I enjoy blending my technical penetration testing skills, hands-on physical security experience, and evolving Red Teaming capabilities.
Beyond my technical expertise, I host a Twitch podcast "Ethical Hacking, Guests, and Wholesomeness" and am an international keynote speaker on Offensive Security related topics. My articles were published in HVCK and Top Cyber News Magazine (TCNM).
I am a contributor to upcoming cybersecurity books:
- Preface contributor: Introduction to Red Operations 2.0 – A Basic Guide for Your Red Team Operations by Joas A. Santos.
- Technical reviewer: Hacking Mainframes: Dispelling the Myth of the Impenetrable Fortress by Kevin Milne.
My contributions to cybersecurity have been recognized with the Cyber Woman Hope Award by CEFCYS and featured on the "40 Under 40 in Cybersecurity 2023" list by TCNM.
I have been selected to present at events such as:
- WWHF @ Mile High 2025
- Disobey 2025
- FIC EUROPE 2023 & 2024
- WGU 2024
- BSIDES Kraków 2024
- DEFCON Warsaw Meetup (dc4822) 2024
Excited for upcoming talks at:
- Red Team Summit 2025
- NorthSec 2025.
I’m an avid cyclist, archer, and guitarist outside of cybersecurity.
Topics
Social engineering and elicitation techniques of hacking a human being.
A presentation of social engineering theory and techniques, going in depth on elicitation and building rapport with your potential victim. Examples of real-life attacks, and final thoughts on who could be a social engineer and how to defend yourself against one. The person listening to my talk will end it with tangible knowledge on social engineering and places to go if they want to learn more.
Agenda:
1. What is social engineering? Examples.
2. Becoming Anyone you want to be - Pretexting.
3. Four Phases of Social Engineering (Reconnaissance, Engagement, Exploitation, Closure).
4. Building your artwork: What is elicitation? Elicitation Techniques.
5. I know how to make you like me: Building Rapport.
6. Examples of Real Social Engineering Attacks.
7. Now What? Skills you need to become a social engineer, and how to defend yourself.
8. Conclusion, final thoughts.
- Disobey Conference 2025/Helsinki: https://www.youtube.com/watch?v=sESh2CCVCW0
- Forum in Cyber North America 2024
- Driving IT 2024/Copenhagen
- BSides Cracow 2024: https://www.linkedin.com/posts/dorota-kozlowska_nevergiveup-learningeveryday-growth-activity-7240711092820230144-xuEU/
- DC4822 (Warsaw DEF CON Group) 2024: https://www.linkedin.com/posts/dc4822_cybersecurity-hacking-techcommunity-activity-7250801757725876224-T9hp/
Social Engineering for Covert Access Assignments
This presentation will explore the strategic use of social engineering in penetration testing, focusing on gaining covert access to a client's server room. I will outline how to perform reconnaissance, gather intelligence on company structure, employee behavior, and security vulnerabilities. Attendees will learn effective social engineering tactics such as pretexting, tailgating, baiting, and phishing, all designed to manipulate human behavior and bypass physical security.
I will cover the importance of crafting a believable pretext, from creating fake work orders to using props like ID badges and uniforms, and demonstrate techniques for gaining access to restricted areas like server rooms, and later on how to navigate the target environment, avoid detection, and plant a symbolic flag.
Finally, the session will discuss post-engagement reporting, vulnerabilities identified, and recommendations for strengthening defenses against social engineering attacks. This talk emphasizes the ethical considerations and the need for careful planning, confidence, and adaptability throughout the operation.
- Wild West Hackin' Fest @Mile High 2025: https://www.youtube.com/watch?v=nNV2DcU3Lts
- BSides Copenhagen 2025
- BSides Cracow 2025
Elicitation - Weaponization of Social Engineering for Covert Access Operations
The presentation covers the fundamentals, methods, and practical applications of social engineering, including its definition, importance in covert access operations, and real-world examples. It delves into psychological principles, methods such as pretexting, mirroring, and active listening, and explores how to exploit human biases, curiosity, and information gaps.
The presentation also touches on countermeasures and defensive strategies, ethical considerations, and legal boundaries, highlighting the importance of recognizing elicitation attempts, using active defense, and adhering to laws and regulations governing social engineering practices.
- BSIDES Lisbon 2025: https://www.youtube.com/watch?v=iEQBVFVc8fA
- Wild West Hackin' Fest @Deadwood 2025: https://www.youtube.com/watch?v=1mWrreMAB8M
Social Engineering for Physical Pentesting Engagements
This presentation will explore the strategic use of social engineering in penetration testing. Attendees will learn effective social engineering tactics such as pretexting, tailgating, baiting, and phishing, all designed to manipulate human behaviour and bypass physical security.
- Northsec 2025 Conference
- Antisyphon Training powered Red Team Summit 2025
Social engineering: the Art of Hacking a Human Being
A presentation of social engineering theory and techniques, going in depth on elicitation and building rapport with your potential victim. Examples of real-life attacks, and final thoughts on who could be a social engineer and how to defend yourself against one. The person listening to my talk will end it with tangible knowledge on social engineering and places to go if they want to learn more.
- Antisyphon Training Webcast 2025: https://www.youtube.com/live/pwulFedw8zc
- Flare TI Friday 2025: https://www.linkedin.com/events/tifriday7368663780437741568/