
Panel discussion social engineering - manasdeep - nullmeetblr 21st June 2015

728 views


Published in: Technology

  1. Panel Discussion: Understanding Social Engineering attacks and thwarting them. Null Meet – 20th June, 2015. Manasdeep, SISA Information Security Pvt. Ltd.
  2. www.sisainfosec.com About Me • Consultant @ SISA Information Security Pvt. Ltd. • PCI QSA, CISA, ISO 27001:2013 • Regular contributor to information security magazines such as ClubHack Mag, Pentestmag. • Interested in PCI DSS, Compliance and Penetration Testing • Like to learn and demonstrate latest security attack vectors and technologies.
  3. Discussion Agenda • What is Social Engineering (SE)? • Why is Social Engineering SO successful? • Achieving maximum efficiency: Social engineering tests • Thwarting social engineering attacks • Macroexpressions & Body Language • Microexpressions • Demo
  4. What is Social Engineering? “Act of influencing a person to take action that may or may not be in target’s interest”
  5. Is Social Engineering always bad? Good Social Engineers: Parents, Doctors, Criminal Psychologists, Negotiators, Salespersons, Diplomats, Whistle-blowers, Magicians. Bad Social Engineers: Fraudsters, Confidence tricksters, Malicious Insiders, Espionage Agents, Double-Agents, Blackmailers, Human Traffickers, Terrorists
  6. Why is Social Engineering SO successful? Principle 1 - Reciprocation: We are hard-wired to respond to a favor, often not in direct proportion to the size of the favor done to us.
  7. Why is Social Engineering SO successful? Principle 2 - Commitment and Consistency: Once we have made a choice or taken a stand, we will encounter personal and inter-personal pressures to behave consistently with that commitment.
  8. Why is Social Engineering SO successful? Principle 3 - Social Proof: One means we use to determine what is correct is to find out what other people think is correct. The principle applies especially to the way we decide what constitutes correct behavior.
  9. Why is Social Engineering SO successful? Principle 4 - Liking: As a rule, we prefer to say yes to the requests of someone we know and like.
  10. Why is Social Engineering SO successful? Principle 5 - Authority: The real culprit is our inability to resist the psychological power wielded by the person in authority.
  11. Why is Social Engineering SO successful? Principle 6 - Scarcity: The influence of the scarcity principle in determining the worth of an item.
  12. Example: Scarcity of an item
  13. Example: Liking
  14. Macro-expressions / Body language. Macro-expression / Body language is a form of mental and physical ability of human non-verbal communication, which consists of body posture, gestures, facial expressions, and eye movements. Humans send and interpret such signals almost entirely subconsciously. Communication consists of: • 7% of what we say • 38% vocal (tone, accent, dialect) • 55% Non Verbal
  15. Macro-expressions / Body language. Non-verbal behavior is depicted fundamentally by some body parts and how they act: • Feet/Legs (Most Accurate) • Torso • Hands • Neck • Mouth • Face (Least Accurate)
  16. Macro-expressions: An Analysis
  17. Pop Quiz: Identify this expression?
  18. Micro-expressions. A micro-expression is a brief, involuntary facial expression shown on the face of humans according to emotions experienced.
  19. Characteristics of micro-expressions: • They are very brief in duration, lasting only 1/25 to 1/15 of a second. • Highly accurate in depicting the "actual" thought of the person. • Almost involuntary reflexes barely felt by the subject • Express the seven universal emotions: disgust, anger, fear, sadness, happiness, surprise, and contempt • It is difficult to hide micro-expression reactions
  20. Puppy Dog Eyes Expression. Animals too are able to social engineer us successfully!! With whom would you rather share your biscuit? "Can you give me a biscuit? Please…" "May I join in too? Please…" "Where is MY biscuit? GIVE IT TO ME NOW!! Or else…"
  21. Achieving maximum efficiency: Social engineering tests • On confronting an antisocial or angry person, frown a bit and tilt your head by relaxing your shoulders. This indicates you are interested in hearing him/her out and are not confronting directly. • If you enter with a sad expression, the subject will involuntarily feel sympathetic towards you and will offer to help in most cases.
  22. Achieving maximum efficiency: Social engineering tests • A friendly and warm reception always has higher chances of information retrieval than a rash or unfriendly behavior you know you are trapped. • Dress up nicely (as per occasion) and walk in short, sure steps. It gives an impression of authority and people are much more likely to yield under this charismatic effect.
  23. Thwarting social engineering attacks: TRUST, BUT VERIFY
  24. Thwarting social engineering attacks • Gather and DEMAND more data • Corroborate with evidence • Check body language • Defense in Depth • Security by Design
  25. Resources. Books: • Social Engineering: The Art of Human Hacking by Christopher Hadnagy • The Art of Deception: Controlling the Human Element of Security by Kevin Mitnick • Influence: The Psychology of Persuasion by Robert B. Cialdini
  26. Resources. Links: Body Language – Expressions on Google Android App Store: • https://play.google.com/store/apps/details?id=com.Mazuzu.ExpressionTraining&hl=en Video: Nonverbal Human Hacking, Derbycon 2012 • http://www.irongeek.com/i.php?page=videos/derbycon2/2-1-2-chris-hadnagy-nonverbal-human-hacking
  27. THANK YOU !!! - Manasdeep http://reflect-infosec.blogspot.in/ https://twitter.com/manasdeep https://in.linkedin.com/in/manasdeep
