Weaponizing information - how to craft a credible attack pretext

Presented at Disobey 2020, Feb. 15, 2020, 3:30 p.m. (120 minutes).

We will go through some basic tools and principles for Open Source Intelligence (OSINT) and see what kind of information we can find from our potential targets and then figure out what is something we could use to create a believable phishing package.

In this workshop we do not craft technical malware packages but focus on the information gathering and thinking more about how we can get the psychological effect that our package would be opened by the would-be target.

We ask the participants to figure out in advance a target organization they wish to conduct the reconnaissance on.

Pre-requisite: Laptop

Presenters:

• Riku Juurikko - Senior Security Manager at Elisa
  By understanding how the attackers think, we can better defend against them. Riku is passionate about psychology and secrets of the human mind and how it can be influenced. He wishes to raise awareness about fraudsters and other crooks who fool innocent people.
• Lauri 'OpEs' Vakkala - Security analyst at Silverskin Information Security
  Lauri is OSINT Enthusiast and penetration tester making the world a more secure place everyday. His current role at Silverskin involves penetration testing a variety of targets from web applications to intra networks and IoT devices.

Links:

• https://disobey.fi/2020/profile/weaponizing_information

Similar Presentations:

• ToorCon San Diego 19 (2017) / From 90′s to 20′s | Espionage to Intelligence - Birth Of OSINT
• BSidesLV 2017 / Hands-on OSINT Crash Course for Hackers
• Kernelcon 2020 Virtual / Getting started with OSINT