Hey all,<br><br>This is the abstract for the talk I'll be doing on the 1st of December (talk after the one this week).<br><br>Hope to see you all there!<br>
<br>
<u>Title</u><br>
<br>
A Salesman's Guide to Social Engineering<br>
<br>
<u>Abstract</u><br>
<br>
Talk this week by Gavin Ewan, this is the talk I have submitted for
BerlinSides in September (heres hoping). You'll be able to say you seen
it first right here at the Society!<br>
<p class="western" style="margin-bottom: 0cm">Social Engineering is
currently one of the buzz terms within the hacking field. Like
children with new toys, hackers everywhere white hat, black hat and
everything in between are rushing to learn just what Social
Engineering is and how they can add it to their arsenal.</p>
<p class="western" style="margin-bottom: 0cm">In this talk, I will
show how lessons can be learned from one of the oldest, most durable
professions, that of the salesman. I will talk about the true master
salesman, one who can quickly identify their customer's train of
thought and what signals they will respond to in order to gain a sale
and show how many useful parallels there are between a good sales
process and a Social Engineering attack/penetration test.
</p>
<p class="western" style="margin-bottom: 0cm">I will briefly go
through some models that have been taken from psychology and applied
to sales, but I will use them to apply directly to Social
Engineering. You will be surprised how well they fit and how little
alteration is needed!
</p>
<p class="western" style="margin-bottom: 0cm">I will show how
everything from searching for information on buyers to handling
objections to a sale can be used in an a SE attack (Same process for
researching a target? Objection handling for dealing with
curious/vigilant security?).
</p>
<p class="western" style="margin-bottom: 0cm">For those of you who
are more comfortable behind a computer screen than in front of
people, don't worry, I will also show exactly how you can apply these
techniques and why those who seem to be 'gifted talkers' fail almost
everytime.
</p>
<p class="western" style="margin-bottom: 0cm">Once I have looked at
the attack vectors I will do the only right thing and show exactly
how these very attacks can be better defended against. I will show
you how a process that is used every day by organisations, big and
small, can be tweaked and applied to your organisation in order to
protect you, your employees and importantly your customers and their
data against Social Engineering attacks.
</p>
<p class="western" style="margin-bottom: 0cm">By the end of this talk
you will be left with plenty of food for thought from your time with
an multi-award winning salesman turned ethical hacker. You will have
categorised yourself according to one of my key people types and know
what SE would be more effective against you. You will also be able
to start looking for those same signals in others, your friends, your
workmates, your targets? You will be armed with the process that I
use in an SE attack and the tools to do some thinking and research to
make your own similar process.
</p>