This document discusses social engineering and its importance in penetration testing. It defines social engineering as influencing someone to take an action that may or may not be in their best interest. It outlines fundamental principles like reciprocity, commitment, social proof, and authority that guide the success of social engineering. The document also discusses macroexpressions, microexpressions, case studies, trends in social engineering, and techniques to use and defend against social engineering in security audits and penetration testing.
2. Agenda for Social Engineering:
• What is Social Engineering (SE) ?
• Fundamental principles guiding the success of SE
• Case Study Demonstration
• Macroexpressions & Body Language
• Microexpressions
• Importance of SE during Audit or SE PenTesting
• Counter Measures for SE
3. What is Social Engineering?
“Act of influencing a person to take action that may or may not be in target’s interest”
Good Social Engineers:
Parents,
Doctors,
Criminal Psychologists,
Negotiators,
Salespersons,
Diplomats,
Whistle-blowers,
Magicians
Bad Social Engineers:
Fraudsters,
Confidence tricksters,
Malicious Insiders,
Espionage Agents,
Double-Agents,
Blackmailers,
Human Traffickers,
Terrorists
4. Fundamental principles guiding the success of SE
Reciprocation:
We are hard-wired to respond to a favour, often not in direct proportion to
the size of the favour done to us.
Commitment and Consistency:
Once we have made a choice or taken a stand, we will encounter
personal and inter-personal pressures to behave consistently with that
commitment.
Social Proof:
One means we use to determine what is correct is to find out what
other people think is correct. The principle applies especially to the
way we decide what constitutes correct behaviour.
Liking:
As a rule, we prefer to say yes to the requests of someone we
know and like.
Authority:
The real culprit is our inability to resist the psychological power
wielded by the person in authority.
Scarcity:
The influence of the scarcity principle in determining the worth of an
item.
7. Case Study: Reliance Canteen episode
Objective
During our graduation days, we planned to have food from the canteen without
paying huge bills when our friend group grew large in size.
The Opportunity
Those days, Reliance had launched an offer that enabled you to talk free between
2 SIMs if you bought them.
The SE Attack
We gave the 2 SIMs to the canteen serving boy so that he could talk “as much as he
desires” to his village. We made an understanding that whenever our friend circle
visited the canteen, he would bring extra samosas or cold drinks without charging us
extra for them.
The Effect
We used to get almost double the food for the price of a few items, or for half the
price. This went on unnoticed for 7-8 months, after which the plan failed.
8. Case Study: Analysis
• Why did the plan work?
• What could have caused failure of plan after 7-8 months?
• What could have happened if we were caught earlier?
9. Macro-expressions / Body language
Macro-expression / body language is a mental and physical form of human
non-verbal communication, which consists of body posture, gestures, facial expressions,
and eye movements. Humans send and interpret such signals almost entirely
subconsciously.
Communication consists of:
• 7% of what we say
• 38% vocal (tone, accent, dialect)
• 55% non-verbal
Non-verbal behaviour is depicted fundamentally by some body parts and how
they act:
• Feet/Legs (Most Accurate)
• Torso
• Hands
• Neck
• Mouth
• Face (Least Accurate)
12. Micro-expressions
A micro-expression is a brief, involuntary facial expression shown on the face of humans
according to emotions experienced.
Characteristics of micro-expressions:
• They are very brief in duration, lasting only 1/25 to 1/15 of a second.
• Highly Accurate in depicting the "actual" thought of the person.
• Almost involuntary reflexes barely felt by the subject
• Express the seven universal emotions: disgust, anger, fear, sadness, happiness,
surprise, and contempt
• It is difficult to hide micro-expression reactions
13. Puppy Dog Eyes Expression
With whom would you rather share your biscuit?
Can you give me a biscuit? Please……
May I join in too? Please……
Where is MY biscuit? GIVE IT TO ME NOW!! Or else…….
Animals too are able to social engineer us successfully!!
17. Controlling your Micro & Macro expressions during Audit
If you are stuck while conducting a social engineering exercise, the following
tips might help in carrying out the testing successfully:
• On confronting an anti-social or angry person, frown a bit and tilt your head while
relaxing your shoulders. This indicates you are interested in hearing him/her out and are
not confronting directly.
• Enter with a sad expression; the subject will involuntarily feel sympathetic towards you
and will offer to help in most cases.
• A friendly and warm reception always has higher chances of information retrieval
than rash or unfriendly behaviour.
• Do everything with confidence, even if you know you are trapped.
• Dress up nicely (as per the occasion) and walk in short, sure steps. It gives an impression
of authority, and people are much more likely to yield under this charismatic effect.
22. Must Have Resources
• Social Engineering: The Art of Human Hacking by Christopher Hadnagy
• The Art of Deception: Controlling the Human Element of Security by Kevin Mitnick
• Influence: The Psychology of Persuasion by Robert B. Cialdini
Links
• Video: Nonverbal Human Hacking, Derbycon 2012:
http://www.irongeek.com/i.php?page=videos/derbycon2/2-1-2-chris-hadnagy-nonverbal-human-hacking
• Body Language – Expressions on Google Android App Store:
https://play.google.com/store/apps/details?id=com.Mazuzu.ExpressionTraining&hl=en
23. Golden rule for thwarting social engineering attacks
TRUST, BUT VERIFY