Social Forensication: A Multidisciplinary Approach to Successful Social Engineering - Joe Gray (BSides Tampa 2019) (Hacking Illustrated Series InfoSec Tutorial Videos)

Abstract: This presentation outlines a new twist on an existing social engineering attack. In the past, we have worked on getting users to plug in USB devices to drop malicious documents and executables. While this attack sometimes proves our point, it is the tip of the iceberg of what can be done. Enter Social Forensication. This is a two-pronged attack, consisting first of collecting a memory image for offsite offensive forensic analysis, the second being a rogue Wi-Fi access point attack. During this presentation, we will walk through the steps to perform each attack. Since defense is just as (if not more) important as the attack itself, we will also discuss mitigations (technical and procedural) and relevant Windows detections for these attacks.

Detailed Description
  Intro (1:00)
  The basics of Social Engineering (6:00)
    General discussion about the methods of social engineering
      *ishing, Spear Phishing, Whaling, Baiting, Dumpster Diving, etc.
    Goals of social engineering
    Principles of Persuasion
  Existing techniques and research (9:00)
    Discussion about Jayson Street and others, methods of introducing USB devices and the goals of such attacks.
  Attacks overview (10:00)
    Introduction to the Forensics Attack
    Introduction to the Rogue Wi-Fi Access Point (WAP) attack
  Attack #1: Forensics (17:00)
    Required Gear
    Steps:
      Planning
      Building the Pretext
      Gaining Access
      Building Rapport
      Playing the Part
      Getting the Memory Image
      Analysis
      Attack
      Defenses
  Basics of Volatility and Useful Commands (22:00)
    Steps to Collect a Memory Image (dump)
    Volatility usage
    Useful commands (examples):
      Mimikatz
      Hashdump
      Connscan
      Privs
      DumpCerts
    Applicability in attacking
    Ideas for future research and wiki for more modules
  Mitigations and Considerations (30:00)
    Considerations for Attacking
      Legal
      Ethical
      Impersonation
    Detections
      Physical
      Windows events
      EDR/IDR
    Mitigations
      Training
      Timing
  Attack #2: Rogue AP (34:00)
    Required Gear
    Steps:
      Planning
      Building the Pretext
      Standing up the infrastructure
      Gaining Access
      Planting the device
      Attack
      Defenses
  Mitigations and Considerations (42:00)
    Considerations for Attacking
      Legal
      Ethical
    Detections
      Physical
      Asset Management
    Mitigations
      Training
      Asset Management
      Routine Scanning
  Questions (45:00)

Bio: Joe Gray joined the U.S. Navy directly out of High School and served for 7 years as a Submarine Navigation Electronics Technician. Joe is currently a Senior Security Architect and maintains his own blog and podcast called Advanced Persistent Security. In his spare time, Joe enjoys attending information security conferences, contributing blogs to various outlets, training in Brazilian Jiu Jitsu (spoken taps out A LOT!), and flying his drone. Joe is the inaugural winner of the DerbyCon Social Engineering Capture the Flag (SECTF) and was awarded a DerbyCon Black Badge. Joe has contributed material for the likes of AlienVault, ITSP Magazine, CSO Online, and Dark Reading. Joe is an IBM Recognized Speaker/Presenter.

Copyright 2020, IronGeek
Louisville / Kentuckiana Information Security Enthusiast