28C3 - Version 2.3.5
28th Chaos Communication Congress
Behind Enemy Lines
Referenten | |
---|---|
Aluc |
Programm | |
---|---|
Tag | Day 4 - 2011-12-30 |
Raum | Saal 1 |
Beginn | 14:00 |
Dauer | 01:00 |
Info | |
ID | 4856 |
Veranstaltungstyp | Vortrag |
Track | Hacking |
Sprache der Veranstaltung | englisch |
Feedback | |
---|---|
Haben Sie diese Veranstaltung besucht? Feedback abgeben |
The engineering part of social engineering
Why just lying your way in won't get you anywhere
All the talks i saw about SE so far just showed which good SE's the speakers are. I try to do another approach, what if i get in and don't know what to do then. The talk is about the reconn. before the assessment, the different approaches of SE. Which techniques can one use, how to do a proper intel. and what is useful. How things work and more important why. Which skill set should one have before entering a engagement. And last but not least how do one counter a SE attack.
Preface:
Needed Skillset:
-physical (ie.NLP)
-logical Customer Preparation:
-theoretical models of attack
-check customer needs by his business
-Contract
Preparation & Reconnaissance:
-threat modeling
-physical
-logical
Project Planing:
-Storyboard
-the target
-infiltration
-fetching data/reaching the target
-exfiltrate
-backup plans
Infiltration:
Find & fetch the data:
Exfiltrate the data:
Writing report:
Business impact analyses:
customer meeting: