Automating Social Engineering for the Anti-social Engineer

Presented at Wild West Hackin' Fest 2019, Oct. 24, 2019, noon (105 minutes)

While modern technical controls and protections can thwart basic phishing attempts, phone communication remains a lucrative avenue for would-be attackers. This is a typical route used to gain a foothold into an environment via an unsuspecting employee. However, this time-consuming manual process makes documenting and utilizing your social engineering results difficult. Fortunately, existing interactive voice response (IVR) technology can help solve this problem. While these systems are typically used to assist people, we could also leverage them to attack. The abundance of cloud-based services makes this easy to accomplish and even easier to expand upon with your own custom scenarios, all while capturing respondent information. This presentation will cover how to take existing, off-the-shelf tools and configure them to build your own social engineering “robot”.

Presenters:

  • Patrick Sayler - NetSPI
    Patrick Sayler is approaching ten years of experience in the information security industry with more than six years dedicated to penetration testing. During this time, he has worked across a wide range of industries, including aerospace, financial services, manufacturing, healthcare, retail, and biotechnology. He joined NetSPI in 2016 and leads its phone-based and on-site social engineering assessments.
