EH-Net
May 25, 2013, 07:35:40 AM *
Author Topic: [Article]-Webcast: Modern Social Engineering - A Vital Component of Pen Testing  (Read 36845 times)
don
Editor-In-Chief
Administrator
« on: February 20, 2009, 06:00:28 PM »

Slide Deck in Searchable PDF

38 Slides
6.74 MB


Look for video soon!


This is EH-Net's first of hopefully many more webcasts. How many more we do depends greatly on the size of the audience we reach. So now is the time for you to help the entire EH-Net Community by spreading the word and getting as many as you can to attend. Many thanks in advance.


Two additional announcements:

- After the live event, come right back to this thread to talk to Chris and Mike.
- A coupon code for a huge discount to the Social Engineering Master Class at ChicagoCon 2009s will be shown during the webcast. Don't miss it!!


This one is sponsored by Core Security Technologies.

Permanent link: [Article]-Webcast: Modern Social Engineering - A Vital Component of Pen Testing
Quote



The world of Information Security is changing. Budgets are tighter, attacks are more sophisticated, and the corporate network is no longer the low hanging fruit. That leaves web-enabled applications as the vector-du-jour, but that well is quickly drying up for organized crime as well. As they creep up the OSI Model looking for easier ways to steal your corporate assets, they are quickly making their way up the stack to the unspoken 8th layer, the end user. So what is the next step in the never-ending escalation of this cyber war?

To find out, we must do as Sun Tzu taught. "Think like our enemy!" That is, after all, the primary tenet of penetration testing AKA ethical hacking, isn't it? After years of hardening physical systems, networks, OSs, and applications, we have now come full circle to a new dawn of attack. People are now the target of the advanced hacker, and the cross-hairs are focused squarely on their foreheads... literally. It is only a matter of time before corporations feel the pain of wetware hacking requiring a new approach to testing and defense.

Join world-renowned social engineers, Chris Nickerson of TruTV's Tiger Team and noted expert and international speaker, Mike Murray, as they prepare you for the future of pen testing. This webcast on Tuesday March 10, 2009 at 11:00 CST is your primer to the world of "Modern Social Engineering."







Let us know what topics you'd like for us to cover in the future,
Don
« Last Edit: March 11, 2009, 12:31:18 PM by don » Logged

CISSP, MCSE, CSTA, Security+ SME
xXxKrisxXx
« Reply #1 on: February 20, 2009, 06:57:23 PM »

Sweet just registered. :P
Logged

eCPPT, GCIH, OSCP, OSWP
Andrew Waite
« Reply #2 on: February 21, 2009, 05:59:16 AM »

Cool, looking forward to it.
Logged

gregtampa
« Reply #3 on: February 24, 2009, 12:23:27 PM »

Who else is going to chicon?
I'm trying to make plans to be there!
Logged
MicroJay
« Reply #4 on: February 24, 2009, 07:05:06 PM »

Just registered!  Met Chris a couple years back.  Very interesting person.
« Last Edit: February 25, 2009, 06:10:24 AM by MicroJay » Logged

GSEC - GCIH - GSNA - GPEN
nmehra
« Reply #5 on: February 24, 2009, 11:44:33 PM »

I am new to this webcast thing.
Does it require me to pay to attend the webcast?
Logged
don
« Reply #6 on: February 24, 2009, 11:54:16 PM »

No sir. It's free... just like everything else on EH-Net. 8)

Welcome to the community,
Don
Logged

CISSP, MCSE, CSTA, Security+ SME
alan
« Reply #7 on: March 07, 2009, 11:23:29 PM »

Will this be recorded? Would be interested to check it out but won't be able to watch it live.
Logged
don
« Reply #8 on: March 10, 2009, 12:34:18 PM »

Thanks everyone for the compliments on and offline. There were many questions we just couldn't get to, even though we allowed about another 10 - 15 minutes of Q&A. Then again, that's why we have this thread. ;D

Here are a few more questions for the guys:

1. What are some ways that I can convince my boss that we should add SE into our normal pen tests both internally and externally?

2. How can I measure ROI for the SE portion of pen testing?

3. I know you mentioned Core IMPACT and Maltego. Can you expand on some of the more technical components that will be in the class?

Don
Logged

CISSP, MCSE, CSTA, Security+ SME
cnickerson
« Reply #9 on: March 10, 2009, 12:43:33 PM »

#1 Here is my LinkedIn profile. Go there to look for the reading list.

http://www.linkedin.com/in/nickersonlares

Logged
cnickerson
« Reply #10 on: March 10, 2009, 01:19:39 PM »

DAMNIT.. I wrote a resp for about 20 min.. and the site timed me out F%$#^%#


OK.. I'll go backwards.

3. I know you mentioned Core IMPACT and Maltego. Can you expand on some of the more technical components that will be in the class?

It's hard to show you everything without going over the whole class, but I can tell you some things. The outline is about 10 pages of bullets. Each section from intel collection to - gigging for information comes with training, examples, tools, practical exercise, and scenarios to make you put it all into play.

And what the hell.. Don knows I am a liability... so here's a lil 0day.

(part of outline)


Determining Tests
• Types of testing
    o Direction of attacks
    o External
        ▪ Electronic
            • Phishing
            • Client-side / browser side exploitation
                o Metasploit
                o Core
                o By hand
            • Malicious attachments
        ▪ Person to Person
            • Phone
            • Written
            • Social Networks/IM
            • Public Manipulation
    o Internal
        ▪ Person to Person
            • Gaining access to physical credentials
            • Solicitation
            • Direct interaction
            • Creating spies / information leak sources
                o Methods (al mamalik, qulaam, kgb, cia, others)
                o Trading information
            • Becoming an employee
        ▪ Electronic
            • CD/Key drops
            • Authentication bypass
            • Key / perimeter bypass
            • Falsification of credentials
            • RFID / HID copying


 if u need more info... pm me..  =o)


Logged
jakx
« Reply #11 on: March 10, 2009, 01:27:14 PM »

Was this video recorded by chance? I was not able to make it and would love to see it.
Logged
timmedin
« Reply #12 on: March 10, 2009, 01:48:56 PM »

Thanks everyone for the compliments on and offline. There were many questions we just couldn't get to, even though we allowed about another 10 - 15 minutes of Q&A. Then again, that's why we have this thread. ;D

Here are a few more questions for the guys:

1. What are some ways that I can convince my boss that we should add SE into our normal pen tests both internally and externally?

2. How can I measure ROI for the SE portion of pen testing?

3. I know you mentioned Core IMPACT and Maltego. Can you expand on some of the more technical components that will be in the class?

Don

Question #1 is what I was wondering. A corollary to that is, how do I get him to pay for my training? :)
Logged

twitter.com/timmedin | http://blog.securitywhole.com
don
« Reply #13 on: March 10, 2009, 01:57:16 PM »

The webcast was recorded in a video format. I am reviewing it now. Give me a little bit to review, clip the start and ending, convert, etc. But it will be made available soon for those who didn't catch the coupon code for basically half off the ChicagoCon training.

w00t!!

Don
Logged

CISSP, MCSE, CSTA, Security+ SME
don
« Reply #14 on: March 10, 2009, 03:11:47 PM »

It is if you believe it to be. :o

Here are some more questions for Chris & Mike that didn't get answered during the live event:

Q: On a PenTest team, what is the best way to collaborate what you have found? I pentest and I have found that communication break down is one of the biggest problems within the PT team social context.

Q: It seems to me that there is not an organization out there that would not fall for a client side attack.  There is always at least one person that will click on a malicious link.  Would a failure of such a test be the user clicking on a link, or lack of a safeguard such as A/V to prevent the malicious code from doing its thing?

To combine a bunch of questions... how does someone get into pen testing? What are your general thoughts on certs like CISSP? What foundational training would you recommend as a starting point?

Don
Logged

CISSP, MCSE, CSTA, Security+ SME