The Nihilist's Guide to Wrecking Humans and Systems

Presented at Kiwicon 9: Cyberwar Is Hell (2015), Dec. 10, 2015, 5:45 p.m. (45 minutes)

The fault of the computer system is that it can only follow instructions. The fault of the human is that it can only make judgement calls. When we think about this in relation to information security, it presents an interesting opportunity to destructively combine the two and use it for evil. We often assume that out of all the elements within our organisations and systems, people are most likely to expose us to risk. People create technical systems and people man these systems. The problem? We almost always focus on human and technical threats as separate risks and don't consider the harm that can be done when combined. Together, we will explore how social engineering can be used in conjunction with technical attacks to create sophisticated and destructive attack chains, share some real-world scenarios and talk about what we're doing wrong to protect against these threats. We will show you how a seemingly innocent phone call can lead to complete internal network compromise, how a purposely bad phishing email can be utilised to your benefit, and how people are generally bad at trust and computers.

Presenters:

  • Shubs Shah (@infosec_au)
    Christina and Shubs are two young hackers from Sydney, Australia. Now residing in San Francisco, CA and Vancouver, BC respectively, they found themselves working for the same company as security analysts - Bishop Fox, a cool security consulting firm. Christina likes cats, breaking things and whisky. Shubs likes cats, bug bounties and absinthe.
  • Christina Camilleri (@0xkitty)
