Hook, Line and Syncer: The Liar for Hire’s Ultimate Tacklebox

Presented at DerbyCon 1.0 (2011), Sept. 30, 2011, 6 p.m. (50 minutes).

This presentation is an exploration of the latest tools used in the art of social engineering. From information gathering to post exploitation, participants will get to experience “the thrill of the con” from presenters who live it each day. The presentation seeks to prove that you don’t have to be a sleazy ‘salesman’ type personality to be successful at social engineering. With the right tools and techniques, just about anyone can pull off creative exploits. While an overview of all popular tools will be given, a deep-dive will be taken into a few of the coolest tools. But even better, the presenters will discuss real-life situations in which these tools have been used. This provides the participants with a context in which to understand the tools and how they may best be leveraged for maximum ownage.


Presenters:

  • Chris Silvers
    Chris Silvers, CISSP, CWNA, CEH, CEI, Foundstone. Role: Chris is responsible for leading or conducting social engineering, internal and external penetration testing; Windows host, network architecture, firewall and router/switch reviews as well as enterprise security architecture and design projects. He serves as the service line lead for the social engineering practice, maintaining and developing the methodology as well as continuously enhancing techniques to reflect the threat environment. Chris also provides client education services as an instructor of the Ultimate Hacking Foundstone courses as well as the Certified Ethical Hacking (CEH), Systems Security Certified Practitioner (SSCP) and Certified Information Systems Security Professional (CISSP) courses. Chris has over thirteen years of information security and risk management experience in the financial services, wholesale and retail industries. Prior to working at Foundstone, Chris held the position of Security Architect at a Fortune 15 Company. While serving as a consultant for affiliate companies, Chris implemented process improvements through the use of discovery templates, process standardization and automation that saved the company over 50% in travel costs and reduced the information risk management assessment timeframe by over 80%. While working at a major central bank, Chris helped establish an inter-divisional team of penetration testers that continues to provide world-class service to that organization. Most recently, Chris taught the Ultimate Hacking Foundstone course at the 2008 Black Hat security conference in Las Vegas, Nevada.
  • “The Real” Pat McCoy
    Pat holds the position of Senior Security Consultant with Foundstone Professional Services. Pat’s responsibilities include providing Internal Penetration Testing; External Penetration Testing; Wireless Penetration Testing; Social Engineering; Windows and Unix Host Assessments; Firewall/Router/Switch Secure Configuration Reviews; Database Security Assessments; and Risk Assessments utilizing various industry standards. Pat started his career in systems and network administration, quickly transitioning into more information security specific roles, and has more than ten years of experience in the industry. Pat has held positions with consulting practices with various positions in the marketplace, most recently, with some of the largest in the industry such as IBM ISS. Pat’s skill set includes extensive experience in security assessment methods and practices across multiple industry sectors including technical consulting centered on frameworks such as ISO 27002, GLBA, HIPAA, FISMA, and PCI; extensive experience with industry standard tool sets for security assessment and penetration testing (vendor supported and open source); and assessment of technical security controls and mechanisms found in most enterprises. During his tenure with IBM ISS, Pat performed several large scale engagements for multiple Fortune 500 and Fortune 10 companies spanning multiple industry disciplines while maintaining a level of client satisfaction and helping clients identify solutions to security problems which fit their needs. In 2004, Pat attained his GIAC Security Essentials Certification (GSEC) from the SANS Institute.
