Secdocs

Learn, hack!

Hacking and security documentation: slides, papers, video and audio recordings. All in high-quality, daily updated, avoiding security crap documents. Spreading hacking knowledge, for free, enjoy. Follow on .

Social Engineering for Penetration Testers

General Info
Type
Video
Tags
social engineering
Authors
Sharon Conheady
Event
REcon 2006
Indexed on
Jul 11, 2014
File details
URL
https://archive.org/download/Sharon_Conheady_Social_Engineering_for_Penetration_Testers/T18-Recon2006-Sharon_Conheady-Social_Engineering_for_penetration_testers.avi-xvid.avi
File name
T18-Recon2006-Sharon_Conheady-Social_Engineering_for_penetration_testers.avi-xvid.avi
File size
393.6 MB
MD5
929b0c1f5f05aa601597bdf2fe5a065c
SHA1
97899450a2d0a8cb9300630d8ed341c131ec68fe
Abstract

In recent years, people have become more familiar with the term "social engineering", the use of deception or impersonation to gain unauthorised access to resources from computer networks to buildings. Does this mean that there are fewer successful social engineering attacks? Probably not. In fact, because computer security is becoming more sophisticated and more difficult to break (although this is still very possible) more and more people are resorting to social engineering techniques as a means of gaining access to an organisations' resources. Logical security is at a much greater risk of being compromised if physical security is weak and security awareness is low. Performing a social engineering test on an organisation gives a good indication of the effectiveness of current physical security controls and the staff's level of security awareness. But once you have decided to perform a social engineering test, where do you start? How do you actually conduct a social engineering test? There are many different types of social engineer attacks, from mumble attacks (pretending to be speech impaired on the telephone) to ten attacks (using an attractive person to distract security) to reverse engineering (helping the target individual with a technical problem and then proceeding to elicit information from them). In my career, I mostly use social engineering for intrusion, gaining access to an organisations building. Therefore, although I will describe a selection of attacks, my talk will focus on gaining entry to buildings. However, gaining entry to buildings more often than not involves identifying and communicating with a target individual or individuals by telephone / email / fax / etc., so I will touch briefly on these areas also.

About us

Secdocs is a project aimed to index high-quality IT security and hacking documents. These are fetched from multiple data sources: events, conferences and generally from interwebs.

Statistics

Serving 8166 documents and 531.0 GB of hacking knowledge, indexed from 2419 authors from 163 security conferences.

Contribute

To support this site and keep it alive, you can click on the buttons below. Any help is really appreciated! This service is provided for free, but real money is needed to pay bills.

Flattr this Click here to lend your support to: Keep live SecDocs for an year and make a donation at www.pledgie.com !