Presented at ToorCon San Diego 13 (2011)
Oct. 8, 2011, 1 p.m.
While most social engineers seem to have a predilection for targeting the helpdesk or other similar "low hanging fruit", the reality is that these targets more often than not restrict the attacker in the breadth and quality of information that can be gleaned. This presentation will discuss how to develop targeted internal attacks, create effective pretexts, and most important, discuss the critical elements of a successful social engineering exploit. Using examples from 22 years of work in the field, we will discuss online tools, in person versus phone social exploits, the importance of the dossier/prep work, and 3 surefire opening lines that will disarm almost any target.
Shane MacDougall is principal partner of Tactical Intelligence, a firm specializing in distressed audit consulting, information gathering and security consulting. MacDougall first started his career in 1989 at KPMG as a professional penetration tester and has been in the InfoSec trenches ever since. Shane has lectured internationally on security topics for/at BSides Las Vegas, KPMG, ISACA, CBTA, LIFT, EDPAA, and others. MacDougall was a founding member of Corrupt Computing Canada (CCCAN!), one of Canada's first hacking groups, and is a Defcon Black/Uber Badge holder for social engineering.