
Social Engineering for Fun and Profit Lessons from the SECTF

Published in: Technology

  1. Education/Action/Protection. Social Engineering for Fun and Profit: Lessons from the SECTF
  2. Social-Engineer.com: Who am I?
       • Created the world’s first SE framework
       • CEO of Social-Engineer, Inc.
       • Asked by DEF CON to host an SE contest
       • Legal
       • Ethical
       • Fun
  3. What is Social Engineering?
       • “…any act that influences a person to take an action that may or may not be in their best interests…”
  4. SECTF at DEF CON
       • A contest that demonstrates the danger of social engineering through vishing
       • Contestants: both experienced and n00bs
       • Targets: large companies selected by SEORG
       • Goal 1: collect all available OSINT
       • Goal 2: obtain “flags” on live calls during DEF CON
       • Strict ROEs
       • Legal counsel
  5. DEF CON 18
  6. DEF CON 19
  7. DEF CON 20
  8. DEF CON 21
  9. DEF CON 22
  10. DEF CON 23: You better come to find out…
  11. What 5 Years Tells Us
       • Companies are still poor about online information leakage
       • Companies are still poor at repelling vishing attacks
       • It doesn’t take a pro to be successful
       • Internal pretexts work!
       • Implausible pretexts also work!
  12. War Stories
       • Women are scary
       • YOU just became our next contestant…
       • We DO have rules
       • Would you believe 37 hand-offs in 30 minutes?
       • Posting passwords online is bad
  13. Themes
       • DC 18: How Strong is your Schmooze
       • DC 19: The Schmooze Strikes Back
       • DC 20: The Battle of the Sexes
       • DC 21: Who is the Deadliest Warrior
       • DC 22: Tag Team Challenge
       • DC 23: You better come and find out…
  14. Contact Me:
       • Chris@social-engineer.com
       • @humanhacker
       • www.social-engineer.com
       • www.social-engineer.org
