Saturday, June 23, 12
Social Engineering: The Art of Human Hacking
Who Am I?
Chris Hadnagy... aka loganWHD
Professional Social Engineer
Best-Selling Author, Podcaster, Framework Writer, Human Hacker
Go To www.social-engineer.com
What is Social Engineering?
...the act of influencing a person to take an action that may or may not be in the “target's” best interest. This may include obtaining information, gaining access, or getting the target to take certain action.
Why Care About This Session?
“In my mind social engineering is the biggest issue today....” SparkyBlaze, Anonymous
Why Should You Care?
IRS?
* credits to apwg.org
“I am convinced that every company in every conceivable industry with significant size and valuable intellectual property and trade secrets has been compromised (or will be shortly), with the great majority of the victims rarely discovering the intrusion or its impact.” - Dmitri Alperovitch, McAfee's former vice-president of threat research
Common Methods of Social Engineering
• Phishing
• Phone Elicitation
• Tail Gating / Impersonation
• Consumer Reports projected over $2 billion lost to phishing scams
• Symantec says that in Oct 2011, 1 in 343.1 emails is a phish
• 294 BILLION emails sent per day
Phone Elicitation and Scams
IC3 reports a 33% increase in reported Scams
Tail Gating and Impersonation
• The #1 Country for Confidence Scams is the USA
• The #1 State in the USA is California
Goals of the Social Engineer
• DATA
• PERSUADE / ELICITATION
• PASSWORDS / ACCESS
DATA
The latest U.S. Cost of a Data Breach report, which was just released...shows that costs continue to rise. This year, they reached $214 per compromised record and averaged $7.2 million per data breach event. The fact is that individuals still care deeply about their personal information and they lose trust in companies that fail to protect it. - www.ponemon.org March 8, 2012
Persuade / Elicit
HUMAN NATURE
• Most of us want to be polite and helpful, so we answer questions even from relative strangers.
• We want to appear well-informed about our professional specialty, so we may be tempted to say more than we should.
• We want to be appreciated, and to feel that we are doing something important and useful. As a result, we often talk more expansively in response to praise about the value or importance of our work.
• As open and honest people, we are often reluctant to withhold information, lie, or be suspicious of others’ motives.

COMBAT ELICITATION
• Never talk about your personal problems, or about the personal problems or weaknesses of a colleague.
• If the conversation is moving into a sensitive area, change the subject or simply ignore any improper question. You are not obliged to tell anyone any information they are not authorized to know.
• To discourage someone who seems to be too pushy about discussing sensitive information or arranging a private meeting with you, state that you would have to clear this with your security office. It usually causes him/her to back off immediately.
Passwords / Access
E7A6E137B3605929DA756F3D491A2ACF:1DC04013D988137637023C75C6C539AA
Use Social Media Wisely
Question and Answer Time....
SE Pentesting: www.social-engineer.com
Contact Me
www.Social-Engineer.com