social engineering: the dark art
social engineering defined: beyond the dictionary
social engineering is… an attack on the trust relationships and processes of an organization, designed to grant the attacker unauthorized privilege or access.
social engineering is… an attack on the human firewall.
social engineers use… small pieces of information, repeated attacks, multiple techniques, technology for assistance and good social skills to break in.
methodology: lather, rinse, repeat
reconnaissance: reach out and fist someone
dial for dollars, interactive recon
executive vainglory
tom is your fiend
weakest link in the chain: site:linkedin.com -dir inurl:pub "company"
site:facebook.com "company"
site:facebook.com "person"
monster bait: site:monster.com "company"
I am from the government and I’m here to help: http://www.fec.gov/finance/disclosure/advindsea.shtml
with vendors like these…
my other google is maltego
the art of disguise: incognito is not a ludacris album
the invisible man: janitors, maintenance people, delivery personnel, contractor
all for one and one for fail: it guy, corporate lackey, “new guy”
props and toys that don’t ship in a brown wrapper: computer gear, id badge, work order, clipboard, portable media
on the internet nobody knows you’re a god: pretext calling, spear phishing, social networks
sufficiently advanced technology is indistinguishable from magic: email, caller id, rfid
getting what you want: sycophants make great minions • appeal to authority
cute puppy-dog eyes • appeal to authority • plea for help
white knight security • appeal to authority • plea for help • offer of help
friends don’t let friends get social engineered • appeal to authority • plea for help • offer of help • developing rapport
let someone else create the sycophant for you • appeal to authority • plea for help • offer of help • developing rapport • name dropping
where there’s a will there’s a way • appeal to authority • plea for help • offer of help • developing rapport • name dropping etcetera
typical scenario: what does an attack look like?
corporate headquarters, this is judy avalon. how may i direct your call?
hello, this is nate hanson from iron mountain. i was trying to get in touch with the it manager.
Certainly, Mr. Hanson. I’ll transfer you now.
Thank you.
You have reached the voicemail of Ted Simmons…. <CLICK>
sunnyvale branch, melanie brooks speaking.
melanie, this is nate hanson from the it department. my boss, ted simmons, asked me to call to find out if your location is having problems yet.
no…. that “yet” sounds bad.
yes, ma’am, we think judy avalon’s computer started it. i need you to run some commands for me so your branch won’t be affected.
secret virus
ok, now what?
that’s it, melanie. you saved your branch. thanks a lot!
<printer noises>
social engineering strikes again!