Blurred Lines: Digital Attacks in the Physical Realm

Presented at THOTCON 0x5 (2014), April 25, 2014, 11 a.m. (20 minutes)

As the vulnerability landscape evolves, the threat agent changes with it. Where network-level vulnerabilities once ruled, the application layer has become one of the most popular and fruitful surfaces to attack. But most breaches are the result of a multi-faceted effort which combines some level of technical hacking with social engineering. During this session, learn how these blurred lines intersect and how vectors of one paradigm often relate to another. In a talk that approaches the social engineering aspect from a different angle, we'll discuss the OWASP Top 10 list from 2013 and how its entries can be mapped from web application security to be used to hack the human element. The vulnerabilities found in this Top 10 list are significant in terms of web application security, but with the creativity of a composite attacker, learn how they can be used in the physical world and aimed at the weakest link in the security chain, the people, to cause damage or infiltrate an organization. This advanced session is aimed at penetration testers, management, and workers on the front lines who might fall prey to social engineering attacks as they interface with the public or an organization's customer base.


Presenters:

  • Grape Ape
    Phil Grimes is a biker, parent, and Information Security Professional with experience in providing security assessments and penetration testing services to organizations ranging from small businesses, financial institutions, e-commerce, telecommunications, manufacturing, education and government agencies, as well as international corporations. Phil started learning networking and Internet security as a hobby harassing AOL in 1996, developing his technical skill set independently until joining the professional security industry in 2009. After a change in career trajectory during 2012, vulnerability research and exploit development became a main focus of attention. Phil’s experience in application security, penetration testing, mobile/Smart Phone security, and social engineering has proven successful in assessments for high profile customers both domestically and around the globe. An accomplished speaker and presenter, Phil has engaged on various topics for Notacon, CUISPA conferences, and at the Central Ohio ISSA InfoSec Summit in addition to various other speaking appearances to a wide range of audiences.
