28c3: The engineering part of social engineering

Sign in or sign up now!
Alert icon
Upgrade to the latest Flash Player for improved playback performance. Upgrade now or more info.
2,088
Loading...
Alert icon
Sign in or sign up now!
Alert icon

Uploaded by on Dec 30, 2011

Download high quality version: http://bit.ly/u4hiBi
Description: http://events.ccc.de/congress/2011/Fahrplan/events/4856.en.html

Aluc: The engineering part of social engineering
Why just lying your way in won't get you anywhere

All the talks i saw about SE so far just showed which good SE's the speakers are. I try to do another approach, what if i get in and don't know what to do then. The talk is about the reconn. before the assessment, the different approaches of SE. Which techniques can one use, how to do a proper intel. and what is useful. How things work and more important why. Which skill set should one have before entering a engagement. And last but not least how do one counter a SE attack.

Preface:

Needed Skillset:

-physical (ie.NLP)

-logical Customer Preparation:

-theoretical models of attack

-check customer needs by his business

-Contract

Preparation & Reconnaissance:

-threat modeling

-physical

-logical

Project Planing:

-Storyboard

-the target

-infiltration

-fetching data/reaching the target

-exfiltrate

-backup plans

Infiltration:

Find & fetch the data:

Exfiltrate the data:

Writing report:

Business impact analyses:

customer meeting:

  • likes, 5 dislikes

Link to this comment:

Share to:
see all

All Comments (5)

Sign In or Sign Up now to post a comment!

  • How to be a professional liar and steal from others.

    This guy should be giving speeches to politicians. I hope people see the inherent immorality of what this guy is promoting. Totally corrupt.

    WhatsReallyGoingOnUS 1 month ago

  • @SevenPoint83hertz didn't notice the fcuks, did notice his "stance" guard like, arms behind the back.. like he needs that to feel "secure" on the stage . .

    the79jinx 2 months ago

  • Funny thing is his side comments to members of audience (mostly mid-sentence).

    That kind of behavior is i.m.o. quite common in active SE-ers, like a "tell"..

    It triggers me to look for more things that are "off" on their behavior ;-)

    the79jinx 2 months ago

  • sweet irony teaching the audience how to properly talk to people while saying fcuk every 10 seconds.

    SevenPoint83hertz 2 months ago

  • NLP is like PUA: Its theory is totally wrong but the people who use the technology are more self-confident and detail oriented.

    rmoriz2 2 months ago

Loading...
Alert icon
0 / 00Unsaved Playlist Return to active list
    1. Your queue is empty. Add videos to your queue using this button:
      or sign in to load a different list.
    Loading...Loading...Saving...
    • Clear all videos from this list
    • Learn more