| |||||
| |||||
Search Irongeek.com:
Help Irongeek.com pay for bandwidth and research equipment: |
This case study is a journey through the presenter’s experience compromising a Fortune-50 company at the DEF CON 21 Social Engineering Capture the Flag (SECTF) competition and other smaller targets on more recent consulting engagements. The DEF CON SECTF participants competed to gather openly available information on their corporate targets both on the Internet and over the phone. Some companies put up better defenses than others.
Social engineering remains a threat to companies of all sizes and industries. Verizon’s 2013 Data Breach Investigations Report cites that 29% of breaches investigated had a social engineering component. Social engineers manipulate human beings to get them to reveal information or take a particular action, such as clicking a malicious link. Information gained via social engineering is then used to gain access to information systems or sensitive data.
Attendees will learn the factors that contributed to the presenter’s success and how simple changes could have frustrated her intelligence gathering operations. Session participants will also learn how to detect social engineering attacks and react to them appropriately. And yes, there will be pwnage.
Takeaways:
Understanding of the social engineering process
Actionable
15 most recent posts on Irongeek.com:
|
If you would like to republish one of the articles from this site on your
webpage or print journal please contact IronGeek.
Copyright 2020, IronGeek
Louisville / Kentuckiana Information Security Enthusiast