Social Engineering for Fun and Profit
Lessons from the SECTF
Who am I?
Created the world’s first SE framework
CEO of Social-Engineer, Inc.
Asked by DEF CON to host an SE contest
What is Social Engineering?
“…any act that influences a person to take an action that may or may not be in their best interests…”
SECTF at DEF CON
A contest that demonstrates the danger of social engineering through vishing
Contestants: both experienced and n00bs
Targets: large companies selected by SEORG
Goal 1: collect all available OSINT
Goal 2: obtain “flags” on live calls during DEF CON
DEF CON 23
You better come to find out…
What 5 Years Tells Us
Companies are still poor about online
Companies are still poor at repelling
It doesn’t take a pro to be successful
Internal pretexts work!
Implausible pretexts also work!
Women are scary
YOU just became our next
We DO have rules
Would you believe 37 hand-offs in 30 minutes?
Posting passwords online is bad
DC 18: How Strong is your Schmooze
DC 19: The Schmooze Strikes Back
DC 20: The Battle of the Sexes
DC 21: Who is the Deadliest Warrior
DC 22: Tag Team Challenge
DC 23: You better come and find out…