How Attackers Use Social Engineering To Bypass Your Defenses (Source Boston 2010)
Description:
This is the video of the presentation titled "Knock, knock. How attackers use social engineering to bypass your Defenses" given by Lenny Zeltser and Savvis of the SANS Institute at SOURCE Boston 2010.
Abstract: Why bother breaking down the door if you can simply ask the person inside to let you in? Social engineering works, both during penetration testing and as part of real-world attacks. This talk explores how attackers are using social engineering to compromise defenses. It presents specific and concrete examples of how social engineering techniques succeeded at bypassing corporate security defenses.
Lenny Zeltser reviews how attackers have bypassed technological controls by making use of social engineering techniques such as:
* Starting attacks in the physical world, rather than the virtual Internet: We have spent most of our lives in the physical world, whose norms we know well. As a result, we tend to trust messages that come to us in the physical world more than those in the "virtual" world of the Internet. The talk presents several examples of such scenarios.
* Tricking victims into willingly installing malicious software: Attackers increasingly rely on social engineering tactics to trick victims into installing malware, such as worms and trojans. The talk will explore numerous variations of the approaches seen in the wild.
* Targeting attacks through the use of spear phishing and social networks: The talk will explore how attackers may profile victims to include person- or company-specific social engineering elements in an intrusion campaign.
Attend this engaging talk to improve the relevance of your security awareness training and to adjust your defenses by revisiting your perspective of the threat landscape.
Lenny Zeltser leads the security consulting practice at Savvis. He is a board of directors member at SANS Technology Institute, a SANS faculty member and an incident handler at the Internet Storm Center. Lenny authored courses, books and articles, and earned GSE and CISSP certifications and MBA and CS degrees.
Disclaimer: We are an infosec video aggregator and this video is linked from an external website. The original author may be different from the user re-posting/linking it here. Please do not assume the authors to be the same without verifying.