Description: This case study is a journey through the presenter’s experience compromising a Fortune-50 company at the DEF CON 21 Social Engineering Capture the Flag (SECTF) competition and other smaller targets on more recent consulting engagements. The DEF CON SECTF participants competed to gather openly available information on their corporate targets both on the Internet and over the phone. Some companies put up better defenses than others. Social engineering remains a threat to companies of all sizes and industries. Verizon’s 2013 Data Breach Investigations Report cites that 29% of breaches investigated had a social engineering component. Social engineers manipulate human beings to get them to reveal information or take a particular action, such as clicking a malicious link. Information gained via social engineering is then used to gain access to information systems or sensitive data. Attendees will learn the factors that contributed to the presenter’s success and how simple changes could have frustrated her intelligence gathering operations. Session participants will also learn how to detect social engineering attacks and react to them appropriately. And yes, there will be pwnage. Takeaways: Understanding of the social engineering process Actionable
For More Information please visit : - http://grrcon.com
http://www.irongeek.com/i.php?page=videos/grrcon2014/mainlist
Tags:
Disclaimer: We are a infosec video aggregator and this video is linked from an external website. The original author may be different from the user re-posting/linking it here. Please do not assume the authors to be same without verifying.