
[Article]-Webcast: Modern Social Engineering - A Vital Component of Pen Testing

don

Administrator

Posts: 4226

Joined: Sun Aug 28, 2005 10:47 pm

Location: Chicago

Post Fri Feb 20, 2009 7:00 pm

Slide Deck in Searchable PDF

38 Slides
6.74 MB


Look for video soon!




This is EH-Net's first of hopefully many more webcasts. How many more we do depends greatly on the size of the audience we reach. So now is the time for you to help the entire EH-Net Community by spreading the word and getting as many as you can to attend. Many thanks in advance.


Two additional announcements:

- After the live event, come right back to this thread to talk to Chris and Mike.
- A coupon code for a huge discount to the Social Engineering Master Class at ChicagoCon 2009 will be shown during the webcast. Don't miss it!!


This one is sponsored by Core Security Technologies.

The world of Information Security is changing. Budgets are tighter, attacks are more sophisticated, and the corporate network is no longer the low hanging fruit. That leaves web-enabled applications as the vector-du-jour, but that well is quickly drying up for organized crime as well. As they creep up the OSI Model looking for easier ways to steal your corporate assets, they are quickly making their way up the stack to the unspoken 8th layer, the end user. So what is the next step in the never-ending escalation of this cyber war?

To find out, we must do as Sun Tzu taught. "Think like our enemy!" That is, after all, the primary tenet of penetration testing AKA ethical hacking, isn't it? After years of hardening physical systems, networks, OSs, and applications, we have now come full circle to a new dawn of attack. People are now the target of the advanced hacker, and the cross-hairs are focused squarely on their foreheads... literally. It is only a matter of time before corporations feel the pain of wetware hacking requiring a new approach to testing and defense.

Join world-renowned social engineers, Chris Nickerson of TruTV's Tiger Team and noted expert and international speaker, Mike Murray, as they prepare you for the future of pen testing. This webcast on Tuesday March 10, 2009 at 11:00 CST is your primer to the world of "Modern Social Engineering."







Let us know what topics you'd like for us to cover in the future,
Don
Last edited by don on Wed Mar 11, 2009 12:31 pm, edited 1 time in total.
CISSP, MCSE, CSTA, Security+ SME

KrisTeason

Hero Member

Posts: 515

Joined: Sat Sep 08, 2007 7:48 pm

Location: /dev/null

Post Fri Feb 20, 2009 7:57 pm

Sweet just registered.  :P
eCPPT (Silver/Gold), eWPT, GSEC, GISP, GCIH, OSCP, OSWP

RoleReversal

Hero Member

Posts: 928

Joined: Fri Jan 04, 2008 8:54 am

Location: UK

Post Sat Feb 21, 2009 6:59 am

Cool, looking forward to it.

gregtampa

Newbie

Posts: 2

Joined: Thu Dec 06, 2007 2:20 am

Post Tue Feb 24, 2009 1:23 pm

who else is going to chicon?
I'm trying to make plans to be there!

MicroJay

Full Member

Posts: 101

Joined: Wed Feb 04, 2009 4:19 pm

Post Tue Feb 24, 2009 8:05 pm

Just registered!  Met Chris a couple years back.  Very interesting person.
Last edited by MicroJay on Wed Feb 25, 2009 7:10 am, edited 1 time in total.
GSEC - GCIH - GSNA - GPEN

nmehra

Newbie

Posts: 1

Joined: Wed Feb 25, 2009 12:33 am

Post Wed Feb 25, 2009 12:44 am

I am new to this webcast thing.
Does it require me to pay to attend the webcast?

don

Administrator

Posts: 4226

Joined: Sun Aug 28, 2005 10:47 pm

Location: Chicago

Post Wed Feb 25, 2009 12:54 am

No sir. It's free... just like everything else on EH-Net.  8)

Welcome to the community,
Don
CISSP, MCSE, CSTA, Security+ SME

alan

Newbie

Posts: 48

Joined: Sat Dec 27, 2008 11:55 pm

Post Sun Mar 08, 2009 12:23 am

Will this be recorded? Would be interested to check it out but won't be able to watch it live.

don

Administrator

Posts: 4226

Joined: Sun Aug 28, 2005 10:47 pm

Location: Chicago

Post Tue Mar 10, 2009 12:34 pm

Thanks everyone for the compliments on and offline. There were many questions we just couldn't get to, even though we allowed about another 10 - 15 minutes of Q&A. Then again, that's why we have this thread.  ;D

Here are a few more questions for the guys:

1. What are some ways that I can convince my boss that we should add SE into our normal pen tests both internally and externally?

2. How can I measure ROI for the SE portion of pen testing?

3. I know you mentioned Core IMPACT and Maltego. Can you expand on some of the more technical components that will be in the class?

Don
CISSP, MCSE, CSTA, Security+ SME

cnickerson

Newbie

Posts: 7

Joined: Tue Mar 10, 2009 12:40 pm

Post Tue Mar 10, 2009 12:43 pm

#1 Here is my LinkedIn profile. Go there to look for the reading list.

http://www.linkedin.com/in/nickersonlares

cnickerson

Newbie

Posts: 7

Joined: Tue Mar 10, 2009 12:40 pm

Post Tue Mar 10, 2009 1:19 pm

DAMNIT.. I wrote a resp for about 20 min.. and the site timed me out F%$#^%#


ok.. I'll go backwards.

3. I know you mentioned Core IMPACT and Maltego. Can you expand on some of the more technical components that will be in the class?

It's hard to show you everything without going over the whole class, but I can tell you some things. The outline is about 10 pages of bullets. Each section from intel collection to - gigging for information comes with training, examples, tools, practical exercises, and scenarios to make you put it all into play.

And what the hell.. don knows I am a liability... so here's a lil 0day.

(part of outline)


Determining Tests
• Types of testing
  o Direction of attacks
  o External
    ▪ Electronic
      • Phishing
      • Client-side / browser side exploitation
        • Metasploit
        • Core
        • By hand
      • Malicious attachments
    ▪ Person to Person
      • Phone
      • Written
      • Social Networks/IM
      • Public Manipulation
  o Internal
    ▪ Person to Person
      • Gaining access to physical credentials
      • Solicitation
      • Direct interaction
      • Creating spies / information leak sources
        o Methods (al mamalik, qulaam, kgb, cia, others)
        o Trading information
      • Becoming an employee
    ▪ Electronic
      • CD/Key drops
      • Authentication bypass
      • Key / perimeter bypass
      • Falsification of credentials
      • RFID / HID copying

if u need more info... pm me..  =o)



jakx

Newbie

Posts: 14

Joined: Mon Aug 11, 2008 9:20 am

Post Tue Mar 10, 2009 1:27 pm

Was this video recorded by chance? I was not able to make it and would love to see it.

timmedin

Sr. Member

Posts: 469

Joined: Thu Feb 05, 2009 11:18 pm

Post Tue Mar 10, 2009 1:48 pm

don wrote:Thanks everyone for the compliments on and offline. There were many questions we just couldn't get to, even though we allowed about another 10 - 15 minutes of Q&A. Then again, that's why we have this thread.  ;D

Here are a few more questions for the guys:

1. What are some ways that I can convince my boss that we should add SE into our normal pen tests both internally and externally?

2. How can I measure ROI for the SE portion of pen testing?

3. I know you mentioned Core IMPACT and Maltego. Can you expand on some of the more technical components that will be in the class?

Don


Question #1 is what I was wondering. A corollary to that is, how do I get him to pay for my training? :)
twitter.com/timmedin | http://blog.securitywhole.com

don

Administrator

Posts: 4226

Joined: Sun Aug 28, 2005 10:47 pm

Location: Chicago

Post Tue Mar 10, 2009 1:57 pm

The webcast was recorded in a video format. I am reviewing it now. Give me a little bit to review, clip the start and ending, convert, etc. But it will be made available soon for those who didn't catch the coupon code for basically half off the ChicagoCon training.

w00t!!

Don
CISSP, MCSE, CSTA, Security+ SME

don

Administrator

Posts: 4226

Joined: Sun Aug 28, 2005 10:47 pm

Location: Chicago

Post Tue Mar 10, 2009 3:11 pm

It is if you believe it to be.  :o

Here are some more questions for Chris & Mike that didn't get answered during the live event:

Q: On a PenTest team, what is the best way to collaborate what you have found? I pentest and I have found that communication breakdown is one of the biggest problems within the PT team social context.

Q: It seems to me that there is not an organization out there that would not fall for a client side attack.  There is always at least one person that will click on a malicious link.  Would a failure of such a test be the user clicking on a link, or lack of a safeguard such as A/V to prevent the malicious code from doing its thing?

To combine a bunch of questions... how does someone get into pen testing? What are your general thoughts on certs like CISSP? What foundational training would you recommend as a starting point?

Don
CISSP, MCSE, CSTA, Security+ SME