In Part I, Modern Social Engineering - A Vital Component of Pen Testing, Chris Nickerson & Mike Murray adeptly covered the generalities of Social Engineering, and how it is a repeatable process perfect for inclusion in penetration testing. So let’s go a little deeper into crafting these attacks. What are some of the tricks of the verbal trade that make people far more likely to fall prey to those phishing attacks or that fraudulent web site? What tools can I use to test and eventually utilize to attack… er… audit my target organization? This 1-hour webcast dives deeper into the process of Electronic SE (eSE) and offers real-world examples of combining the skills of the social engineer with the toolkit of the ethical hacker.

The entire hour and a half video of the webcast as well as the slide deck are available below.

del.icio.us

Discuss in Forums (5)

As mentioneded in Part I, InfoSec is changing. Web apps are the vector-du-jour, but that well is also drying up for organized crime. Creeping up the OSI Model looking for easier ways to steal your corp assets, they're quickly making it to the unspoken 8th layer, the end user. So what's next in the escalation of this cyber war?

We must do as Sun Tzu and "Think like our enemy!" That is, after all, the primary tenet of penetration testing AKA ethical hacking. After years of hardening, we have come full circle to a new dawn of attack. People are now the target of the advanced hacker, and the cross-hairs are focused squarely on their foreheads... literally. It's only a matter of time before corporations feel the pain of wetware hacking.

Slide Deck
44 Slides - 1.28 MB 

Forgive the nasty echo.
Please be patient as it only lasts about 5 minutes.