This case study is a journey through the presenter’s experience compromising a Fortune-50 company at the DEF CON 21 Social Engineering Capture the Flag (SECTF) competition and other smaller targets on more recent consulting engagements. The DEF CON SECTF participants competed to gather openly available information on their corporate targets both on the Internet and over the phone. Some companies put up better defenses than others. Social engineering remains a threat to companies of all sizes and industries. Verizon’s 2013 Data Breach Investigations Report cites that 29% of breaches investigated had a social engineering component. Social engineers manipulate human beings to get them to reveal information or take a particular action, such as clicking a malicious link. Information gained via social engineering is then used to gain access to information systems or sensitive data. Attendees will learn the factors that contributed to the presenter’s success and how simple changes could have frustrated her intelligence gathering operations. Session participants will also learn how to detect social engineering attacks and react to them appropriately. And yes, there will be pwnage. Takeaways: Understanding of the social engineering process Actionable

Back to GrrCON 2014 video list