A Logo

Feel free to include my content in your page via my
RSS feed

Help Irongeek.com pay for
bandwidth and research equipment:

Search Irongeek.com:

Affiliates:
Irongeek Button
Social-engineer-training Button

Help Irongeek.com pay for bandwidth and research equipment:

paypalpixle


Reducing Your Organization’s Social Engineering Attack Surface - Jen Fox GrrCON 2014 (Hacking Illustrated Series InfoSec Tutorial Videos)

Reducing Your Organization’s Social Engineering Attack Surface
Jen Fox
GrrCON 2014

This case study is a journey through the presenter’s experience compromising a Fortune-50 company at the DEF CON 21 Social Engineering Capture the Flag (SECTF) competition and other smaller targets on more recent consulting engagements. The DEF CON SECTF participants competed to gather openly available information on their corporate targets both on the Internet and over the phone. Some companies put up better defenses than others. Social engineering remains a threat to companies of all sizes and industries. Verizon’s 2013 Data Breach Investigations Report cites that 29% of breaches investigated had a social engineering component. Social engineers manipulate human beings to get them to reveal information or take a particular action, such as clicking a malicious link. Information gained via social engineering is then used to gain access to information systems or sensitive data. Attendees will learn the factors that contributed to the presenter’s success and how simple changes could have frustrated her intelligence gathering operations. Session participants will also learn how to detect social engineering attacks and react to them appropriately. And yes, there will be pwnage. Takeaways: Understanding of the social engineering process Actionable

Back to GrrCON 2014 video list

Printable version of this article

15 most recent posts on Irongeek.com:


If you would like to republish one of the articles from this site on your webpage or print journal please contact IronGeek.

Copyright 2016, IronGeek
Louisville / Kentuckiana Information Security Enthusiast