Breaking in Bad (I'm the one who doesn't knock) - Jayson E. Street Converge 2015 (Hacking Illustrated Series InfoSec Tutorial Videos)

Breaking in Bad (I'm the one who doesn't knock)
Jayson E. Street
jaysonstreet

I've come to realize that while I may not do a lot of social engineering engagements, I do quite a few weird ones. I also seem to have three main roles I play (all adorably) to try to get into my target. I thought it would be cool to share at least a story from each one of these roles. Some have pictures, some with just witty comments. Though all three will come, more importantly, with ways that would have stopped me from being successful. The goal is not to show how 'L337' I am or these attacks are! Far from it; this talk is to show how EASY these attacks were done and how every single attack has one common thread connecting all of them! Though you'll have to see my talk to find out what that is! ;-)

I start off the talk describing each one of the below listed attack vectors I use. I tell a story from each of them. I show video of me breaking into a bank in Beirut, Lebanon. I show video of gaining access to USA State Treasury office. The most important part of my talk is not that at all. I spend the entire last half of the talk creating a security awareness talk, where I go into ways to spot me (or any attacker). I show the different tools and devices users should be aware of. I show how users should approach a situation if someone like me is in the building or interacting with them online. I basically use this talk to entertain the security people in the audience enough that they will take this back to their work and share my PowerPoint and video of my talk with their executives and co-workers.

1. The haphazard tech/IT guy/repair engineer
In this role I usually defer to the employees. I usually start off with the simple phrase "I'm from IT, the home office sent me to work on your system. Have you noticed the network has been running a lil slow?" The rest just falls into place!

2. The rushed agitated auditor/consultant/executive
In this role I'm the visiting pain in your…operation. I have no time for small talk and all I need from you is to complete this one last task and check this last box so I can get home and you can go about your day. That is something usually everyone can agree on!

3. The off the wall there is no way you should let me in!
In this role I try to see if I can just walk into a place either in my PJ's and barefoot or as a visiting TV producer wanting to make you famous. (FYI both scenarios have worked pretty well)

Jayson E. Street is an author of "Dissecting the hack: The F0rb1dd3n Network" from Syngress. Also creator of http://dissectingthehack.com. He has also spoken at DEFCON, DerbyCon, UCON and at several other 'CONs and colleges on a variety of Information Security subjects. His life story can be found on Google under "Jayson E. Street". *He is a highly carbonated speaker who has partaken of Pizza from Beijing to Brazil. He does not expect anybody to still be reading this far but if they are please note he was chosen as one of Time's persons of the year for 2006.


Copyright 2016, IronGeek