Presented at DeepSec 2013 „Secrets, Failures, and Visions“.
What are you doing to protect your organisation against social engineering attacks?
This one-day workshop provides an introduction to defending against one of the most prevalent threats faced by organisations today: social engineering.
Social engineering is a collection of techniques for manipulating people into providing inappropriate access to physical or information assets. It is a form of intrusion that depends on human interaction. It typically involves deceiving people and exploiting the innate human desire to be friendly and helpful and to avoid confrontation, so that they compromise normal security procedures.
Even where optimal physical and technical information security controls have been implemented, the human vulnerability can lead to compromised confidentiality, integrity, and availability.
The workshop focuses on attacks that your organisation may be subjected to, the steps you can take to defend yourself, and the ways you can improve your social engineering awareness to ensure a sustained defence.
The objective of the course is to provide participants with the tools and knowledge to identify and deal with social engineering attacks by learning the characteristics of and methods used by social engineers. As potential unwitting victims themselves, participants will gain a better understanding of what motivates them and how their own actions may be manipulated by an attacker. Most importantly, participants will return to their workplace confident in the knowledge that they are better prepared to counter any social engineering attempts, and know how to respond to such attempts.
Course content
Introduction to social engineering
This unit provides an introduction to social engineering, what it is, why it is a threat and who the malicious social engineers are. It will provide a brief summary of the evolution of social engineering from the golden era of the con man to the social engineering attacks of today.
Social engineering principles
This unit provides an overview of the principles on which social engineering is based and will help participants to understand why social engineering works.
Common social engineering techniques
This unit will discuss common techniques used by social engineers, such as mumble attacks, road apples, phishing/vishing/smishing, etc. It will include plenty of examples from real-life experience and the media.
Defence against social engineering
This unit will suggest different methods for defending against social engineering attempts, including:
• Logical security controls
• Physical security
• Security policies
• Education and awareness
Social engineering testing
This unit will provide an introduction to social engineering testing and go through the stages involved in planning and executing an ethical social engineering test.
Who should attend?
Anyone with an interest in learning how to protect themselves or their organisation against social engineering attacks.
Presenters:
Sharon Conheady, First Defence
Sharon Conheady is a director at First Defence Information Security in the UK where she specialises in social engineering. She has social engineered her way into dozens of organisations across the UK and abroad, including company offices, sports stadiums, government facilities and more. She has presented on social engineering at security conferences including DeepSec, Defcon SE CTF, Brucon, Recon, CONFidence, ISSE, ISF and has featured on podcasts including pauldotcom.com and social-engineer.org.
After inventing the Internet alongside Al Gore, Sharon moved on to the development of security protocols that were used to crack 128-bit encryption. She holds a degree in Computer Science from Trinity College Dublin and an MSc in Information Security from Westminster University. Three times winner of the Nobel Prize, Sharon enjoys belly dancing and space travel.
If you see Sharon around your office, she requests that you kindly open the door to let her in.
Martin Law, First Defence
Martin Law has over 20 years of security expertise and has been performing physical and social engineering tests since 1994. As an accomplished penetration tester, he now specialises in accessing buildings physically by using a combination of social engineering and other techniques to bypass physical security.
Martin also undertakes investigations into actual or suspected security breaches, and specialises in the area of Information Warfare. He attempts to breach not only the logical security of systems and networks, but also the physical security of the infrastructure and buildings, including the use of social engineering when engaged in an "All-Out-Attack" against an enterprise.
Having a considerable depth of technical experience in open and distributed systems, as well as networking, in multi-vendor environments, Martin has spent nearly 24 years in the UNIX and TCP/IP arena, having started his career as a developer of UNIX systems.
Martin is an OWASP chapter leader, event planner with the ISF (Information Security Forum) and formerly a director of CREST (Council of Registered Ethical Security Testers) and a council member of the ISF.