Spin the bottle: Coupling technology and SE for one awesome hack

Presented at AppSec USA 2012, Oct. 26, 2012, 10 a.m. (45 minutes)

Social-Engineering is nothing new. From the dawn of man, social-engineering has been an avenue to obtain results through manipulation and deception (not always). As the creator of the Social-Engineer Toolkit (SET), I get a wide variety of experiences and new techniques in identifying ways to penetrate organizations in a unique way. You never know what you are going to get on the other end. It's a game of chance, odds, and confidence. During this talk, we'll dive down into how social-engineering and technology can be used in order to compromise multiple avenues of an organization and live demonstrations of a new version of the Social-Engineer Toolkit. I'll also be walking through some of the different SE scenarios and how I overcame a number of challenges and hurdles while performing some of the most difficult red team exercises. Let's play a game of spin the bottle, where the person on the other end is a complete anomaly and unknown. Where your confidence matters and your pretext is everything.


  • David Kennedy / ReL1K as David Kennedy
    Dave Kennedy is founder and principal security consultant of TrustedSec, LLC, an information security consulting firm located in Cleveland, Ohio. David was the former Chief Security Officer (CSO) for a Fortune 1000 where he ran the entire information security program. Kennedy is a co-author of the book "Metasploit: The Penetration Tester's Guide," the creator of the Social-Engineer Toolkit (SET), and the creator of Artillery. Kennedy has presented on a number of occasions at Blackhat, Defcon, ShmooCon, BSIDES, Infosec World, Notacon, AIDE, ISACA, ISSA, Infragard, Infosec Summit, and a number of other security-related conferences. Kennedy has been interviewed by several news organizations including BBC World News. Kennedy is on the Back|Track and Exploit-DB development team and co-host of the Social-Engineer.org podcast and regular on ISDPodcast. Kennedy is one of the co-authors of the Penetration Testing Execution Standard (PTES), a framework designed to fix the penetration testing industry. Kennedy is the co-founder of DerbyCon, a large-scale conference in Louisville, Kentucky. Prior to Diebold, Kennedy was a VP of Consulting and Partner of a mid-size information security consulting company running the security consulting practice. Prior to the private sector, Kennedy worked for the three-letter agencies and deployed to Iraq twice for intelligence-related missions.