Social engineering for penetration testers

Presented at BruCON 0x0A (2018), Oct. 3, 2018, 4 p.m. (60 minutes)

2009 talk overview: In recent years, people have become more familiar with the term "social engineering", the use of deception or impersonation to gain unauthorised access to resources, from computer networks to buildings. Does this mean that there are fewer successful social engineering attacks? Probably not. In fact, because computer security is becoming more sophisticated and more difficult to break (although this is still very possible), more and more people are resorting to social engineering techniques as a means of gaining access to an organisation's resources. Logical security is at a much greater risk of being compromised if physical security is weak and security awareness is low. Performing a social engineering test on an organisation gives a good indication of the effectiveness of current physical security controls and the staff's level of security awareness. But once you have decided to perform a social engineering test, where do you start? How do you actually conduct a social engineering test?

2018 talk overview: It’s 2018 and we can’t get enough social engineering. People are still falling for social engineering scams and criminals are using more social engineering techniques than ever. On the plus side, social engineering testers are busier than ever too. So how do you actually conduct a social engineering test in 2018? Has much changed over the past decade? Thanks to recycling, dumpster diving is a lot less disgusting, that’s for sure. Come and hear what else has changed from someone who has been delivering social engineering tests since before BruCON existed.

Presenters:

  • Sharon Conheady
    Sharon Conheady is the director of First Defence Information Security ([www.firstdefenceis.com](http://www.firstdefenceis.com)) and a founding member of The Risk Avengers ([www.riskavengers.co.uk](http://www.riskavengers.co.uk)). She specialises in the human side of security and has social engineered her way into dozens of organisations across the UK and abroad, including company offices, sports stadiums, government facilities and more. Sharon is a regular speaker at security events and has appeared as a subject matter expert on security podcasts including social-engineer.org. She is also a member of the Regional Review Board for Black Hat Europe. Sharon is the author of Social Engineering in IT Security: Tools, Tactics, and Techniques, published by McGraw-Hill.
