Social Engineering for Fun and Profit: Lessons from the SECTF
Post on 25-Jul-2015
Education/Action/Protection
Social Engineering for Fun and Profit: Lessons from the SECTF
Who am I?
Created the world’s first SE framework
CEO of Social-Engineer, Inc.
Asked by DEF CON to host an SE contest
Legal
Ethical
Fun
What is Social Engineering?
“….any act that influences a person to take an action that may or may not be in their best interests…”
SECTF at DEF CON
A contest that demonstrates the danger of social engineering through vishing
Contestants: both experienced and n00bs
Targets: large companies selected by SEORG
Goal 1: collect all available OSINT
Goal 2: obtain “flags” on live calls during DEF CON
Strict ROEs
Legal counsel
DEF CON 18
DEF CON 19
DEF CON 20
DEF CON 21
DEF CON 22
DEF CON 23
You better come to find out….
What 5 Years Tells Us
Companies are still poor at controlling online information leakage
Companies are still poor at repelling vishing attacks
It doesn’t take a pro to be successful
Internal pretexts work!
Implausible pretexts also work!
War Stories
Women are scary
YOU just became our next contestant…
We DO have rules
Would you believe 37 hand-offs in 30 minutes?
Posting passwords online is bad
Themes
DC 18: How Strong is your Schmooze
DC 19: The Schmooze Strikes Back
DC 20: The Battle of the Sexes
DC 21: Who is the Deadliest Warrior
DC 22: Tag Team Challenge
DC 23: You better come and find out…
Contact Me:
Chris@social-engineer.com
@humanhacker
www.social-engineer.com
www.social-engineer.org