06 - BruCON 0x0A - Social engineering for penetration testers - Sharon Conheady
2009 talk overview:
In recent years, people have become more familiar with the term "social engineering", the use of deception or impersonation to gain unauthorised access to resources, from computer networks to buildings. Does this mean that there are fewer successful social engineering attacks? Probably not. In fact, because computer security is becoming more sophisticated and more difficult to break (although this is still very possible), more and more people are resorting to social engineering techniques as a means of gaining access to an organisation's resources. Logical security is at a much greater risk of being compromised if physical security is weak and security awareness is low. Performing a social engineering test on an organisation gives a good indication of the effectiveness of current physical security controls and the staff's level of security awareness. But once you have decided to perform a social engineering test, where do you start? How do you actually conduct a social engineering test?

2018 talk overview:
It’s 2018 and we can’t get enough social engineering. People are still falling for social engineering scams and criminals are using more social engineering techniques than ever. On the plus side, social engineering testers are busier than ever too. So how do you actually conduct a social engineering test in 2018? Has much changed over the past decade? Thanks to recycling, dumpster diving is a lot less disgusting, that’s for sure. Come and hear what else has changed from someone who has been delivering social engineering tests since before BruCON existed.