The Dark Arts of Social Engineering - SANS Security Awareness Summit 2018
- Published: 22 Oct 2018
- Jen Fox shares insights she has gained through her experiences as a social engineer. What exactly is social engineering and what goes into a social engineering campaign? What does social engineering look like and what tricks or techniques has Jen found to be the most successful? Most importantly, what has she found to make people and/or organizations more resilient to these attacks? Jen will share various real world stories, to include recorded conversations of real social engineering attacks.
SANS Summit schedule: www.sans.org/u/DuS
To see more talks like this, join us at the upcoming Security Awareness Summit 2020 (Dec 3-4 | Live Online): www.sans.org/u/17hp
You guys genuinely are fools to think this doesn't work. Most ppl are scared of being scolded by their boss so if you put yourself as an authority figure they'll do what you ask within reason.
Hey I’m not a fool I would be sleeping with my boss
SANS = French meaning "WITHOUT." Reminds us of what the WEF told us: "You will own NOTHING, and BE HAPPY."
Stop 💀
When it all crashes where will they be?
ligma nuts
Jen Fox - you RULE.
Love ur videos sans very educational & i really want to study 📖 ur material ☺️
See, when I think of social engineering I think of a machine or group of people mentally steering others to do their bidding... Typically without their knowledge of the larger intention or hidden agenda.
Bernays!
That's another definition for it, but "social engineering" in hacker terminology has always meant what she is describing here.
@LeoGang89 correct.
Exactly!
Giving personal information (passwords) to people I believe I can trust, I’ve done it myself.
Jen you're awesome!
Ultra Job!
Very helpful video
I used to do telemarketing. Kind of similar, weirdly. Works well if you create a friendly connection that's combined with aggression. Guess some self-help stuff and cult stuff follows this model. In a way they are using concepts that seem unique to you and your experiences in life that no one ever talks about but everyone experiences to create familiarity and trust and establish themselves as credible and then throw in whatever they want you to believe.
doesnt it make u feel like POS?
@alen-commentnazi8774 eventually, when it was really sketchy insurance company and really nice old ladies. i had to quit. but it was safe, decently paying, not physically stressing work with a flexible part-time schedule.. very hard to say no to when you are just getting set up in a new career or saving for school and need some money to live or pay tuition. knowing it was a stepping stone and temporary was the only way i could do it. then again, most high paying jobs are much more evil.. i don't know how people live with themselves. actually i do.. because i massaged them for a living. it is highly stressful for a healthy person with empathy so basically they ruin their health and quality of life because they cannot sleep and always have conflicts at work because others are on a different wavelength. i swear some people though, they don't even bat an eye lash doing evil stuff all day long making $$$. They have a balance with social validation, alcohol/drugs, getting massages, working out, cottage life, having the 'perfect' partner, vacation life, just making it work for themselves while they are deeply unfulfilled inside. Meanwhile this is the partner most young people seek, if they have so little values at work how do you think they will treat you? And a high income isn't a guarantee of wealth as many people spend more than they earn on clothes, car, house, decor, eating out/ordering in and are in debt. Whereas people with modest income who work hard doing something meaningful may have more savings as they value the money and live within their means. The sad thing is even for a low wage it is truly challenging to do anything that feels meaningful anymore, even to volunteer for FREE the orgs seem lacking or corrupt/poorly managed. I still recommend to try and volunteer in your community, it can be fulfilling and also eye-opening.
Very informative
Thanks for a great educational video
Scary stuff
What a great video thanks Jen. I'm definitely going to look at spear phishing people in my org with the birthday coffee email.
Every time you call help lines they record your voice and fuck you up, this is exactly what I get on the helpline, lifeline, mensline, suicide line etc
Love how the audience cheered for the girl who wouldn't give her password out, that was cute 🙂🎉
The Tavistock Institute & Eugenics - know your history
I am the glib glo glob gulub
That book is now up to 8.99, unfortunately.
Social Engineering- When they hijack a term that means something completely different than what they tell you it does, so you can't easily get information on the REAL meaning of the terminology. 🤦
The only time a person gets my password is if they're IT and actually been contacted by me already and I'm on the call.
This comment doesn't make sense
where i can report this?
the report button
There's a million ways to get paid
but there's only one way to get laid
Abhi Raj find out next time on dragon ball z 🐉
Teach me
@onlyhope6001 the game is to be sold not told
And she thinks it's funny. Read John Coleman's book "The Tavistock Institution Of Human Relations"
She’s arrogant thinking it’s funny playing with people's head! There’s an old proverb about Pride and haughty arrogance have witnessed repeated over and over through history and my lifetime.
😊
Sands underman
i would say, talk to my boss
Even my kids know never to give sensible information over the phone!
😂😂😂😂
Amanda sounds nasally and meek, but she's sharp as a fox! Especially the asking for the number part. hehe
She kind of reminds me of Joyce Meyers for some reason.
jen is so cute
No Indian accent so she should have known it wasn't legit.
This how low man can get ..
Living in a place where criminals often call you from jail, this would never work. NO info is given over the phone. Period.
- 4:28 about 50% of people even share their password in a phone call
- 7:40 the hacker leverages what is current (!) in the victim's life. (related / exploitable topics in public news or personal changes in the victim's life)
- 8:11 the hacker leverages credibility that others have built (trust in friends, business partners, police, ...)
- 9:02 the hacker will try to use the same terminology as the victim (department names, ...)
- 20:17 the hacker walks the victim through a complex procedure and makes the victim comply a lot of times so the victim gets used to complying.
- 21:55 the attack demands an instant response from the victim to put it under pressure
- 22:36 the hacker puts the victim into a position in which it has to violate social norms to resist the attack
- 6:55 attacks might reward you with a fake-reward that seems feasible (a small voucher for the cafeteria, ...)
- 27:26 hacker might not ask directly for information, but instead first get your trust, and ask you to give your information during a follow-up interaction.
- 35:00 the hacker first garners information from people around the actual victim that are easier to hack. The hacker then uses that information to seem more credible for the victim.
- 36:46 talk to others if you feel like you might have had an interaction with a hacker. there might be a second interaction with the hacker.
for employers:
- 35:45 uncertainty puts your employees under pressure. Define processes that one has to stick to in special situations that might be simulated by a hacker.
- 37:08 your employees have to know that it is okay to insist on sharing critical information in secure ways only.
Thanks for uploading this great video!
Thank you for this summary, helpful!
😈 🧙
So to what end? All I know is that we're in the end times and there could be catastrophe coming soon like a civil war over gun rights or something like this because if you can do social engineering to stop it then I would be really impressed!
lmao a civil war over gun rights
"I'm going to pick up a gun and shoot you for my right for you to not be able to pick up a gun to shoot me!"
@WhompingWalrus I agree you have that right ...and also in the reverse....2nd amendment is for protection from the Corruption of Govt. and self defense .. like what might happen in Virginia on January...20th..we are being attacked in multiple fronts by the New World Order!🥁☠️🥁everyone now realize the government has been commandeered🛡️⚔️🛡️
hey its been a year.................
The plandemic.
Have IQs dropped that badly? "I want to do this and that with your system because of Blah Blah or this person in the company said I could" The most powerful response? NO but if you give me your name and details I will notify the appropriate person. End of story no matter what is said next.
I have never used this meme/phrase but it sure seems like the most appropriate response to this comment: Okay boomer.
@143jeg You're welcome youngster. (I haven't used that phrase in a while)
@143jeg Hey, you're welcome youngster. (Haven't used that phrase in a while)
Lol... You only have to post once on these new fangled computer things boomer, maybe typewriters worked differently, I'm not sure. In all seriousness though, it is important to remember that it is not a lack of intelligence that makes users susceptible to social engineering. It is a lack of proper policy and training.
@143jeg I agree and apologize for a badly thought out and worded post. Thanks for taking the time to point out my error.
Fox or 666
The conspiracy theorists in these comments are hilarious. Bot farms.
i cant believe how attracted to jen fox i am omg what a babe =] great video
She seems too much like a "Karen" to be a really good social engineer.
Sounds like you've been social engineered
@723kwrenn yep
she sounds nervous the whole time
@723kwrenn I'm curious, how does saying someone sounds like a "Karen" equate to me being social engineered?
Idk. Being able to come across as one thing (nervous or a “Karen”) when you’re really something else (expert social engineer) seems like it would be a useful trait in her line of work. I’d personally be more suspicious of someone who was completely slick in their delivery