28C3 - Version 2.3.5

28th Chaos Communication Congress
Behind Enemy Lines

Referenten
Aluc
Programm
Tag Day 4 - 2011-12-30
Raum Saal 1
Beginn 14:00
Dauer 01:00
Info
ID 4856
Veranstaltungstyp Vortrag
Track Hacking
Sprache der Veranstaltung englisch
Feedback

The engineering part of social engineering

Why just lying your way in won't get you anywhere

All the talks i saw about SE so far just showed which good SE's the speakers are. I try to do another approach, what if i get in and don't know what to do then. The talk is about the reconn. before the assessment, the different approaches of SE. Which techniques can one use, how to do a proper intel. and what is useful. How things work and more important why. Which skill set should one have before entering a engagement. And last but not least how do one counter a SE attack.

Preface:

Needed Skillset:

-physical (ie.NLP)

-logical Customer Preparation:

-theoretical models of attack

-check customer needs by his business

-Contract

Preparation & Reconnaissance:

-threat modeling

-physical

-logical

Project Planing:

-Storyboard

-the target

-infiltration

-fetching data/reaching the target

-exfiltrate

-backup plans

Infiltration:

Find & fetch the data:

Exfiltrate the data:

Writing report:

Business impact analyses:

customer meeting:

Archived page - Impressum/Datenschutz