[dundee] Talk by Gavin Ewan for 01-12-2011

Gavin Ewan jacobeanrebel at gmail.com
Tue Nov 15 22:11:51 UTC 2011


Hey all,

This is the abstract for the talk I'll be doing on the 1st of December
(talk after the one this week).

Hope to see you all there!

*Title*

A Salesman's Guide to Social Engineering

*Abstract*

Talk this week by Gavin Ewan, this is the talk I have submitted for
BerlinSides in September (here's hoping).  You'll be able to say you saw it
first right here at the Society!

Social Engineering is currently one of the buzz terms within the hacking
field. Like children with new toys, hackers everywhere, white hat, black hat
and everything in between, are rushing to learn just what Social Engineering
is and how they can add it to their arsenal.

In this talk, I will show how lessons can be learned from one of the
oldest, most durable professions, that of the salesman. I will talk about
the true master salesman, one who can quickly identify their customer's
train of thought and what signals they will respond to in order to gain a
sale and show how many useful parallels there are between a good sales
process and a Social Engineering attack/penetration test.

I will briefly go through some models that have been taken from psychology
and applied to sales, but I will use them to apply directly to Social
Engineering. You will be surprised how well they fit and how little
alteration is needed!

I will show how everything from searching for information on buyers to
handling objections to a sale can be used in an SE attack (Same process
for researching a target? Objection handling for dealing with
curious/vigilant security?).

For those of you who are more comfortable behind a computer screen than in
front of people, don't worry, I will also show exactly how you can apply
these techniques and why those who seem to be 'gifted talkers' fail almost
every time.

Once I have looked at the attack vectors I will do the only right thing and
show exactly how these very attacks can be better defended against. I will
show you how a process that is used every day by organisations, big and
small, can be tweaked and applied to your organisation in order to protect
you, your employees and importantly your customers and their data against
Social Engineering attacks.

By the end of this talk you will be left with plenty of food for thought
from your time with a multi-award-winning salesman turned ethical hacker.
You will have categorised yourself according to one of my key people types
and know what SE would be more effective against you. You will also be able
to start looking for those same signals in others, your friends, your
workmates, your targets? You will be armed with the process that I use in
an SE attack and the tools to do some thinking and research to make your
own similar process.