Tools and Techniques for Mapping the Human Attack Surface

Presented at ToorCamp 2022, July 15, 2022, 4 p.m. (50 minutes).

Modern criminals don't hack computers, they hack people. Emulating modern techniques requires modern tooling. This talk takes you on a journey from being an outsider to full domain compromise of a modern corporate network, with a focus on identifying and leveraging human targets at each step along the escalation path, all using freely available open source tools.

The central focus of this talk is the re-release of a tool called Rolodex, and how it can be used in various Red Team and Penetration Testing engagements. Rolodex is a tool for managing information about people during an engagement, from that very first LinkedIn search, all the way to that final DCSync, tracking information about the human attack surface can be instrumental to success.


Presenters:

  • Dean Pierce / @deanpierce as Dean Pierce
    Dean is a computer security researcher from Portland, Oregon. He has attended all the Toorcamps so far, and even spoken at some of them on topics such as wireless hacking, surveillance, and hacking cryptocurrency smart contracts. Lately he has been working external Red Team and Penetration Testing engagements for various companies across several industries, so that's probably the sort of thing he's going to be talking about this time.

Links:

Similar Presentations: