Anúncio
Social Engineering 101 or The Art of How You Got Owned by That Random Stranger
Social Engineering 101 or The Art of How You Got Owned by That Random Stranger
Social Engineering 101 or The Art of How You Got Owned by That Random Stranger
Social Engineering 101 or The Art of How You Got Owned by That Random Stranger
Social Engineering 101 or The Art of How You Got Owned by That Random Stranger
Social Engineering 101 or The Art of How You Got Owned by That Random Stranger
Social Engineering 101 or The Art of How You Got Owned by That Random Stranger
Social Engineering 101 or The Art of How You Got Owned by That Random Stranger
Social Engineering 101 or The Art of How You Got Owned by That Random Stranger
Social Engineering 101 or The Art of How You Got Owned by That Random Stranger
Social Engineering 101 or The Art of How You Got Owned by That Random Stranger
Social Engineering 101 or The Art of How You Got Owned by That Random Stranger
Social Engineering 101 or The Art of How You Got Owned by That Random Stranger
Social Engineering 101 or The Art of How You Got Owned by That Random Stranger
Social Engineering 101 or The Art of How You Got Owned by That Random Stranger
Social Engineering 101 or The Art of How You Got Owned by That Random Stranger
Social Engineering 101 or The Art of How You Got Owned by That Random Stranger
Social Engineering 101 or The Art of How You Got Owned by That Random Stranger
Social Engineering 101 or The Art of How You Got Owned by That Random Stranger
Social Engineering 101 or The Art of How You Got Owned by That Random Stranger
Social Engineering 101 or The Art of How You Got Owned by That Random Stranger
Social Engineering 101 or The Art of How You Got Owned by That Random Stranger
Social Engineering 101 or The Art of How You Got Owned by That Random Stranger
Social Engineering 101 or The Art of How You Got Owned by That Random Stranger
Social Engineering 101 or The Art of How You Got Owned by That Random Stranger

Check these out next

Social engineering-Attack of the Human Behavior
Social engineering-Attack of the Human Behavior
James Krusic
Presentation of Social Engineering - The Art of Human Hacking
Presentation of Social Engineering - The Art of Human Hacking
msaksida
Social Engineering Basics
Social Engineering Basics
Luke Rusten
Social engineering
Social engineering
ankushmohanty
Social engineering
Social engineering
Robert Hood
Social engineering presentation
Social engineering presentation
pooja_doshi
Social Engineering
Social Engineering
Cyber Agency
Social engineering: A Human Hacking Framework
Social engineering: A Human Hacking Framework
Jahangirnagar University
1 de 25

Social Engineering 101 or The Art of How You Got Owned by That Random Stranger

20 de Apr de 2015
Baixar para ler offline
Tecnologia

My presentation that was given at North Texas ISSA Second Annual Cyber Security Conference on 4/25/2015. This presentation covers the basics of Social Engineering and provides a good base of knowledge for anyone looking to understand more about this skill, along with where to learn more.

Steven Hatfield
Security Systems Senior Advisor
Anúncio
Anúncio
Anúncio

Recomendados

Social engineering 101 or The Art of How You Got Owned by That Random StrangerSocial engineering 101 or The Art of How You Got Owned by That Random Stranger
Social engineering 101 or The Art of How You Got Owned by That Random StrangerSteven Hatfield1.2K visualizações24 slides
Social Engineering - Human aspects of industrial and economic espionageSocial Engineering - Human aspects of industrial and economic espionage
Social Engineering - Human aspects of industrial and economic espionageMarin Ivezic1.3K visualizações35 slides
Social EngineeringSocial Engineering
Social EngineeringPaul Devassy, CPP1K visualizações22 slides
Social engineering The Good and BadSocial engineering The Good and Bad
Social engineering The Good and BadTzar Umang1.4K visualizações15 slides
Social engineering hacking attackSocial engineering hacking attack
Social engineering hacking attackPankaj Dubey1.2K visualizações18 slides
Insiders Guide to Social Engineering - End-Users are the Weakest LinkInsiders Guide to Social Engineering - End-Users are the Weakest Link
Insiders Guide to Social Engineering - End-Users are the Weakest LinkRichard Common577 visualizações13 slides

Mais conteúdo relacionado

Apresentações para você(20)

Social engineering-Attack of the Human BehaviorSocial engineering-Attack of the Human Behavior
Social engineering-Attack of the Human Behavior
James Krusic6.3K visualizações
Presentation of Social Engineering - The Art of Human HackingPresentation of Social Engineering - The Art of Human Hacking
Presentation of Social Engineering - The Art of Human Hacking
msaksida3.5K visualizações
Social Engineering BasicsSocial Engineering Basics
Social Engineering Basics
Luke Rusten865 visualizações
Social engineeringSocial engineering
Social engineering
ankushmohanty908 visualizações
Social engineeringSocial engineering
Social engineering
Robert Hood2.4K visualizações
Social engineering presentationSocial engineering presentation
Social engineering presentation
pooja_doshi19.1K visualizações
Social EngineeringSocial Engineering
Social Engineering
Cyber Agency28.2K visualizações
Social engineering: A Human Hacking FrameworkSocial engineering: A Human Hacking Framework
Social engineering: A Human Hacking Framework
Jahangirnagar University463 visualizações
Social engineeringSocial engineering
Social engineering
Vishal Kumar371 visualizações
Social engineering Social engineering
Social engineering
Vîñàý Pãtêl7.9K visualizações
Hacking and Penetration Testing - a beginners guideHacking and Penetration Testing - a beginners guide
Hacking and Penetration Testing - a beginners guide
Pankaj Dubey802 visualizações
MHTA Social Engineering Presentation - 050917MHTA Social Engineering Presentation - 050917
MHTA Social Engineering Presentation - 050917
Evan Francen540 visualizações
Social engineering by-rakesh-nagekarSocial engineering by-rakesh-nagekar
Social engineering by-rakesh-nagekar
Raghunath G892 visualizações
Social Engineering,social engeineering techniques,social engineering protecti...Social Engineering,social engeineering techniques,social engineering protecti...
Social Engineering,social engeineering techniques,social engineering protecti...
ABHAY PATHAK675 visualizações
Social Engineering and What to do About itSocial Engineering and What to do About it
Social Engineering and What to do About it
Aleksandr Yampolskiy2.9K visualizações
Social EngineeringSocial Engineering
Social Engineering
primeteacher32676 visualizações
Social EngineeringSocial Engineering
Social Engineering
William Gregorian910 visualizações
The Art of Human Hacking : Social Engineering The Art of Human Hacking : Social Engineering
The Art of Human Hacking : Social Engineering
OWASP Foundation734 visualizações
Social EngineeringSocial Engineering
Social Engineering
n|u - The Open Security Community1.1K visualizações
Social Engineering - Are You Protecting Your Data Enough?Social Engineering - Are You Protecting Your Data Enough?
Social Engineering - Are You Protecting Your Data Enough?
JamRivera1220 visualizações

Similar a Social Engineering 101 or The Art of How You Got Owned by That Random Stranger(20)

NTXISSACSC2 - Social Engineering 101 or The Art of How You Got Owned by That ...NTXISSACSC2 - Social Engineering 101 or The Art of How You Got Owned by That ...
NTXISSACSC2 - Social Engineering 101 or The Art of How You Got Owned by That ...
North Texas Chapter of the ISSA1.6K visualizações
NTXISSACSC3 - Find, Fix, Finish ... Tracking the Real Bad Guys in Cyberspace ...NTXISSACSC3 - Find, Fix, Finish ... Tracking the Real Bad Guys in Cyberspace ...
NTXISSACSC3 - Find, Fix, Finish ... Tracking the Real Bad Guys in Cyberspace ...
North Texas Chapter of the ISSA240 visualizações
NTXISSACSC3 - Security at the Point of Storage by Todd BartonNTXISSACSC3 - Security at the Point of Storage by Todd Barton
NTXISSACSC3 - Security at the Point of Storage by Todd Barton
North Texas Chapter of the ISSA125 visualizações
Cyber crime &_info_securityCyber crime &_info_security
Cyber crime &_info_security
Er Mahendra Yadav1.1K visualizações
CLASS 2018 - Palestra de Denis Prado (Security Intelligence Sales Leader Lati...CLASS 2018 - Palestra de Denis Prado (Security Intelligence Sales Leader Lati...
CLASS 2018 - Palestra de Denis Prado (Security Intelligence Sales Leader Lati...
TI Safe193 visualizações
NTXISSACSC2 - Why Lead with Risk? by Doug LandollNTXISSACSC2 - Why Lead with Risk? by Doug Landoll
NTXISSACSC2 - Why Lead with Risk? by Doug Landoll
North Texas Chapter of the ISSA1.4K visualizações
NTXISSACSC2 - Information Security Opportunity: Embracing Big Data with Peopl...NTXISSACSC2 - Information Security Opportunity: Embracing Big Data with Peopl...
NTXISSACSC2 - Information Security Opportunity: Embracing Big Data with Peopl...
North Texas Chapter of the ISSA2.3K visualizações
Network security monitoring with open source toolsNetwork security monitoring with open source tools
Network security monitoring with open source tools
terriert576 visualizações
Bagesh_Data Privacy and Security.pdfBagesh_Data Privacy and Security.pdf
Bagesh_Data Privacy and Security.pdf
AyushSingh22454512 visualizações
Civilian OPSEC in cyberspaceCivilian OPSEC in cyberspace
Civilian OPSEC in cyberspace
zapp01.4K visualizações
Cyber threat Intelligence and Incident Response by:-Sandeep SinghCyber threat Intelligence and Incident Response by:-Sandeep Singh
Cyber threat Intelligence and Incident Response by:-Sandeep Singh
OWASP Delhi2.8K visualizações
Combating Cyber Security Using Artificial IntelligenceCombating Cyber Security Using Artificial Intelligence
Combating Cyber Security Using Artificial Intelligence
Inderjeet Singh5.2K visualizações
The Future of Cybersecurity - October 2015The Future of Cybersecurity - October 2015
The Future of Cybersecurity - October 2015
Security Innovation1.5K visualizações
NTXISSACSC4 - A Brief History of Cryptographic FailuresNTXISSACSC4 - A Brief History of Cryptographic Failures
NTXISSACSC4 - A Brief History of Cryptographic Failures
North Texas Chapter of the ISSA1.3K visualizações
Social EngineeringSocial Engineering
Social Engineering
Muhanned Alaqili371 visualizações
A Brief History of Cryptographic Failures - MorkA Brief History of Cryptographic Failures - Mork
A Brief History of Cryptographic Failures - Mork
Nothing Nowhere158 visualizações
A Brief History of Cryptographic FailuresA Brief History of Cryptographic Failures
A Brief History of Cryptographic Failures
Nothing Nowhere1.6K visualizações
Ohm2013 cloud security 101 slideshareOhm2013 cloud security 101 slideshare
Ohm2013 cloud security 101 slideshare
Peter HJ van Eijk1.7K visualizações
Why do women love chasing down bad guys? Why do women love chasing down bad guys?
Why do women love chasing down bad guys?
SITA2.4K visualizações
Bar Camp 11 Oct09 HackingBar Camp 11 Oct09 Hacking
Bar Camp 11 Oct09 Hacking
Barcamp Kerala679 visualizações
Anúncio

Último(20)

What to do if Your Kafka Streams App Gets OOMKilled? with Andrey SerebryanskiyWhat to do if Your Kafka Streams App Gets OOMKilled? with Andrey Serebryanskiy
What to do if Your Kafka Streams App Gets OOMKilled? with Andrey Serebryanskiy
HostedbyConfluent0 visão
The California Age Appropriate Design Code Act Navigating the New Requirement...The California Age Appropriate Design Code Act Navigating the New Requirement...
The California Age Appropriate Design Code Act Navigating the New Requirement...
TrustArc0 visão
Memory Matters: Drift Detection with a Low Memory Footprint for ML Models on ...Memory Matters: Drift Detection with a Low Memory Footprint for ML Models on ...
Memory Matters: Drift Detection with a Low Memory Footprint for ML Models on ...
HostedbyConfluent0 visão
Our Business Goals.pdfOur Business Goals.pdf
Our Business Goals.pdf
mennaHendy0 visão
Dataflows for Machine Learning Operations with Alex Rakowski & Andrei PaleyesDataflows for Machine Learning Operations with Alex Rakowski & Andrei Paleyes
Dataflows for Machine Learning Operations with Alex Rakowski & Andrei Paleyes
HostedbyConfluent0 visão
Storage Capacity Management on Multi-tenant Kafka Cluster with Nurettin OmerogluStorage Capacity Management on Multi-tenant Kafka Cluster with Nurettin Omeroglu
Storage Capacity Management on Multi-tenant Kafka Cluster with Nurettin Omeroglu
HostedbyConfluent0 visão
PEMBANGKIT_1.pptPEMBANGKIT_1.ppt
PEMBANGKIT_1.ppt
DediTriLaksono10 visão
Aristiun Whitepaper- Automated Threat Modelling with AribotAristiun Whitepaper- Automated Threat Modelling with Aribot
Aristiun Whitepaper- Automated Threat Modelling with Aribot
Aristiun B.V. 0 visão
Intelligent, Automatic Restarts for Unhealthy Kafka Consumers on Kubernetes w...Intelligent, Automatic Restarts for Unhealthy Kafka Consumers on Kubernetes w...
Intelligent, Automatic Restarts for Unhealthy Kafka Consumers on Kubernetes w...
HostedbyConfluent0 visão
Digital Marketing Plan.pdfDigital Marketing Plan.pdf
Digital Marketing Plan.pdf
mennaHendy0 visão
Unveiling the Inner Workings of Apache Kafka® with Flamegraphs with Christo L...Unveiling the Inner Workings of Apache Kafka® with Flamegraphs with Christo L...
Unveiling the Inner Workings of Apache Kafka® with Flamegraphs with Christo L...
HostedbyConfluent0 visão
Plant Disease Detection.pptxPlant Disease Detection.pptx
Plant Disease Detection.pptx
vikasmittal920 visão
ARTIFICIAL INTELLIGENCE.pptxARTIFICIAL INTELLIGENCE.pptx
ARTIFICIAL INTELLIGENCE.pptx
Butterfly education 0 visão
Segment Data Analytics for Indie Developers: KCDC 2023Segment Data Analytics for Indie Developers: KCDC 2023
Segment Data Analytics for Indie Developers: KCDC 2023
Elizabeth (Lizzie) Siegle0 visão
AI-Driven Market Research PlatformAI-Driven Market Research Platform
AI-Driven Market Research Platform
Prasanna Hegde0 visão
Intro to Text Classification with TensorFlowIntro to Text Classification with TensorFlow
Intro to Text Classification with TensorFlow
Elizabeth (Lizzie) Siegle0 visão
Power futures.pptxPower futures.pptx
Power futures.pptx
ssuser17d4710 visão
Powering Consistent, High-throughput, Real-time Distributed Calculation Engin...Powering Consistent, High-throughput, Real-time Distributed Calculation Engin...
Powering Consistent, High-throughput, Real-time Distributed Calculation Engin...
HostedbyConfluent0 visão
CyberEthics.pptCyberEthics.ppt
CyberEthics.ppt
ANKITKUMAR9209950 visão
Deep Dive into Kafka Connect Protocol with Catalin PopDeep Dive into Kafka Connect Protocol with Catalin Pop
Deep Dive into Kafka Connect Protocol with Catalin Pop
HostedbyConfluent0 visão

Social Engineering 101 or The Art of How You Got Owned by That Random Stranger

  1. @NTXISSA Social Engineering 101 or The Art of How You Got Owned by That Random Stranger Steven Hatfield Security Systems Senior Advisor Dell 4/25/2015
  2. @NTXISSA About Me • 8 year Army veteran • Currently studying for Bachelors of Science in CyberSecurity at UMUC • 4 year Security Goon at DEF CON • 3 year Social Engineer Village volunteer at DEF CON • 1 year Security staff at Derbycon NTX ISSA Cyber Security Conference – April 24-25, 2015 2
  3. @NTXISSA LEGAL DISCLAIMER NTX ISSA Cyber Security Conference – April 24-25, 2015 3
  4. @NTXISSA Social Engineering 101 • Definitions • History • Social Engineering Framework • SET – Social Engineering Toolkit • Categories • Examples • Protection • Resources • Questions NTX ISSA Cyber Security Conference – April 24-25, 2015 4
  5. @NTXISSA Definition • Social Engineering (SE) is a blend of science, psychology and art. While it is amazing and complex, it is also very simple. • We define it as, “Any act that influences a person to take an action that may or may not be in their best interest.” We have defined it in very broad and general terms because we feel that social engineering is not always negative, but encompasses how we communicate with our parents, therapists, children, spouses and others. NTX ISSA Cyber Security Conference – April 24-25, 2015 5 http://www.social-engineer.org/
  6. @NTXISSA Definition • Social engineering is the art of manipulating people so they give up confidential information. The types of information these criminals are seeking can vary, but when individuals are targeted the criminals are usually trying to trick you into giving them your passwords or bank information, or access your computer to secretly install malicious software–that will give them access to your passwords and bank information as well as giving them control over your computer. NTX ISSA Cyber Security Conference – April 24-25, 2015 6 http://www.webroot.com/us/en/home/resources/tips/online-shopping-banking/secure-what-is-social-engineering
  7. @NTXISSANTX ISSA Cyber Security Conference – April 24-25, 2015 7
  8. @NTXISSA History • The term sociale ingenieurs was introduced in an essay by the Dutch industrialist J.C. Van Marken in 1894. The idea was that modern employers needed the assistance of specialists—"social engineers"—in handling the human problems of the planet, just as they needed technical expertise (ordinary engineers) to deal with the problems of dead matter (materials, machines, processes). … NTX ISSA Cyber Security Conference – April 24-25, 2015 8
  9. @NTXISSA Social Engineering Framework • Social Engineering Defined • Categories of Social Engineers • Hackers • Penetration Testers • Spies or Espionage • Identity Thieves • Disgruntled Employees • Information Brokers • Scam Artists • Executive Recruiters • Sales People • Governments • Everyday People NTX ISSA Cyber Security Conference – April 24-25, 2015 9 • Why Attackers Might Use Social Engineering • Typical Goals • The Attack Cycle • Common Attacks • Customer Service • Delivery Person • Phone • Tech Support • Real World Examples • Con Men • Crime Victims • Phishing • Politicians
  10. @NTXISSA • The Social-Engineer Toolkit (SET) was created and written by the founder of TrustedSec. It is an open- source Python-driven tool aimed at penetration testing around Social-Engineering. SET has been presented at large-scale conferences including Blackhat, DerbyCon, Defcon, and ShmooCon. With over two million downloads, SET is the standard for social-engineering penetration tests and supported heavily within the security community. • The Social-Engineer Toolkit has over 2 million downloads and is aimed at leveraging advanced technological attacks in a social-engineering type environment. TrustedSec believes that social- engineering is one of the hardest attacks to protect against and now one of the most prevalent. The toolkit has been featured in a number of books including the number one best seller in security books for 12 months since its release, “Metasploit: The Penetrations Tester’s Guide” written by TrustedSec’s founder as well as Devon Kearns, Jim O’Gorman, and Mati Aharoni. NTX ISSA Cyber Security Conference – April 24-25, 2015 10 SET – Social Engineer Toolkit
  11. @NTXISSANTX ISSA Cyber Security Conference – April 24-25, 2015 11
  12. @NTXISSANTX ISSA Cyber Security Conference – April 24-25, 2015 12
  13. @NTXISSA Examples - Common • Customer Service • Delivery Person • Phone • Tech Support • Con Men • Crime Victims • Phishing • Politicians NTX ISSA Cyber Security Conference – April 24-25, 2015 13
  14. @NTXISSA Examples - Real World • The Overconfident CEO In one case study, Hadnagy outlines how he was hired as an SE auditor to gain access to the servers of a printing company which had some proprietary processes and vendors that competitors were after. In a phone meeting with Hadnagy's business partner, the CEO informed him that "hacking him would be next to impossible" because he "guarded his secrets with his life.” "He was the guy who was never going to fall for this," said Hadnagy. "He was thinking someone would probably call and ask for his password and he was ready for an approach like that.” … NTX ISSA Cyber Security Conference – April 24-25, 2015 14 http://www.csoonline.com/article/2126983/social-engineering/social-engineering--3-examples-of-human-hacking.html
  15. @NTXISSA Examples - Real World • The theme-park scandal The target in this next case study was a theme park client that was concerned about potential compromise of its ticketing system. The computers used to check-in patrons also contained links to servers, client information and financial records. The client was concerned that if a check-in computer was compromised, a serious data breach might occur. Hadnagy started his test by calling the park, posing as a software salesperson. He was offering a new type of PDF-reading software, which he wanted the park to try through a trial offer. He asked what version they were currently using, got the information easily, and was ready for step two. … NTX ISSA Cyber Security Conference – April 24-25, 2015 15 http://www.csoonline.com/article/2126983/social-engineering/social-engineering--3-examples-of-human-hacking.html
  16. @NTXISSA Examples - Real World • The hacker is hacked Hadnagy gives a third example showing how social engineering was used for defensive purposes. He profiles 'John,' a penetration tester hired to conduct a standard network pen test for a client. He ran scan using Metasploit, which revealed an open VNC (virtual network computing) server, a server that allows control of other machines on the network. He was documenting the find with the VNC session open when, suddenly, in the background, a mouse began to move across the screen. John new it was a red flag because at the time of day this was happening, no user would be connected to the network for a legitimate reason. He suspected an intruder was on the network. … NTX ISSA Cyber Security Conference – April 24-25, 2015 16 http://www.csoonline.com/article/2126983/social-engineering/social-engineering--3-examples-of-human-hacking.html
  17. @NTXISSA Examples - Real World • Price-Matching Scam NTX ISSA Cyber Security Conference – April 24-25, 2015 17
  18. @NTXISSA Examples - Real World • Evil Maid attacks NTX ISSA Cyber Security Conference – April 24-25, 2015 18
  19. @NTXISSA Examples - Real World • Stuxnet … Stuxnet – delivered via USB sticks left around the Iranian site in a classic "social engineering" attack – used unpatched Windows vulnerabilities to get inside the SCADA at Iran's Natanz enrichment plant. It then injected code to make a PLC speed up and slow down centrifuge motors – wrecking more than 400 machines. Siemens made both the SCADA (WinCC) and the PLC (S7-300) attacked by Stuxnet. … NTX ISSA Cyber Security Conference – April 24-25, 2015 19 http://www.newscientist.com/article/dn20298-stuxnet-analysis-finds-more-holes-in-critical-software.html
  20. @NTXISSA Examples - Real World • Sing-o-gram - Michelle from SE crew … Next, Chris and I packed our dark glasses and super-spy cameras and headed to the client’s locations. Four buildings, three days, two states, no sleep. This particular client faces some big challenges when it comes to physical plant security, not the least of which is sharing buildings with other companies and retailers open to the general public. Despite having a great physical security team and RFID badging, we were able to gain access to most of their secured locations pretexting as inspectors and yes, a singing telegram (I’ll let you guess who got to do that one). We didn’t really need to do a lot of sneaky stuff; we took advantage of high traffic times and locations, acted like we belonged there, and exploited people’s general helpfulness. Using these principles, we accessed areas such their corporate mailroom, NOC, and executive offices and roamed freely without ever being stopped. … NTX ISSA Cyber Security Conference – April 24-25, 2015 20 http://www.social-engineer.org/newsletter/social-engineer-newsletter-vol-05-issue-57/
  21. @NTXISSA Examples - Real World • News Reporter - “Bob” “I've gotten myself into a building by claiming to be interviewing them for a blog and then spending all day taking pictures and plugging flashdrives in to “print stuff“” NTX ISSA Cyber Security Conference – April 24-25, 2015 21
  22. @NTXISSA Protection • Obviously, never give out confidential information. • Safeguard even inconsequential information about yourself. • Lie to security questions, and remember your lies. • View every password reset email with skepticism. • Watch your accounts and account activity. • Diversify passwords, critical services, and security questions. NTX ISSA Cyber Security Conference – April 24-25, 2015 22
  23. @NTXISSA Resources • http://www.social-engineer.org/ • https://www.social-engineer.com/ • https://www.trustedsec.com/social-engineer- toolkit/ • http://www.amazon.com/Christopher-Hadnagy/ • http://www.social-engineer.org/category/podcast/ • DEFCON 23 CTF • http://www.derbycon.com/ • http://defcon.org/ • http://www.amazon.com/Joe-Navarro/ NTX ISSA Cyber Security Conference – April 24-25, 2015 23
  24. @NTXISSANTX ISSA Cyber Security Conference – April 24-25, 2015 24
  25. @NTXISSA@NTXISSA The Collin College Engineering Department Collin College Student Chapter of the North Texas ISSA North Texas ISSA (Information Systems Security Association) NTX ISSA Cyber Security Conference – April 24-25, 2015 25 Thank you
Anúncio