Social Engineering for Fun and Profit: Lessons from the SECTF

Upload: positive-hack-days

Post on 25-Jul-2015

Page 1

Education/Action/Protection

Social Engineering for Fun and Profit: Lessons from the SECTF

Page 2

Who am I?

Created the world’s first SE framework

CEO of Social-Engineer, Inc.

Asked by DEF CON to host an SE contest

Legal

Ethical

Fun

Page 3

What is Social Engineering?

“…any act that influences a person to take an action that may or may not be in their best interests…”

Page 4

SECTF at DEF CON

A contest that demonstrates the danger of social engineering through vishing

Contestants: both experienced and n00bs

Targets: large companies selected by SEORG

Goal 1: collect all available OSINT

Goal 2: obtain “flags” on live calls during DEF CON

Strict ROEs (rules of engagement)

Legal counsel

Page 5

DEF CON 18

Page 6

DEF CON 19

Page 7

DEF CON 20

Page 8

DEF CON 21

Page 9

DEF CON 22

Page 10

DEF CON 23

You better come to find out…

Page 11

What 5 Years Tells Us

Companies are still poor at controlling online information leakage

Companies are still poor at repelling vishing attacks

It doesn’t take a pro to be successful

Internal pretexts work!

Implausible pretexts also work!

Page 12

War Stories

Women are scary

YOU just became our next contestant…

We DO have rules

Would you believe 37 hand-offs in 30 minutes?

Posting passwords online is bad

Page 13

Themes

DC 18: How Strong is your Schmooze

DC 19: The Schmooze Strikes Back

DC 20: The Battle of the Sexes

DC 21: Who is the Deadliest Warrior

DC 22: Tag Team Challenge

DC 23: You better come and find out…

Page 14

Contact Me:

[email protected]

@humanhacker

www.social-engineer.com

www.social-engineer.org