Social Engineering for Penetration Testers

Explore the evolution of social engineering techniques and their impact on cybersecurity in this comprehensive conference talk. Delve into the world of deception and impersonation used to gain unauthorized access to resources, from computer networks to physical buildings. Learn why social engineering attacks continue to succeed despite increased awareness, and discover how logical security remains vulnerable when physical security is weak. Gain insights into conducting effective social engineering tests, understanding their importance in assessing an organization's security controls and staff awareness. Compare social engineering practices from 2009 to 2018, examining what has changed and what remains constant in this ever-evolving field. Analyze real-world examples, including the "10 squared attack," diamond heists, and various scenarios used by social engineers. Equip yourself with knowledge on physical reconnaissance, sample scenarios, and practical tips for conducting social engineering tests in today's cybersecurity landscape.

Intro
Welcome
Back in 2009
Whats changed
Class reunion
Fake vouchers
What has changed
Why does social engineering work
Examples of social engineering
The 10 squared attack
Social engineering in 2009
Fair Play
Carlos Hector Flamenbaum
Go get him
Diamond heists
Strippers
Diamond Heist
Social Engineering
Physical Reconnaissance
Scenarios
Sample scenarios
Short
IT Department
School
telecoms engineer
Tesco
Pizza Delivery
Weightlifter
Fire Inspector
Sharon