Clone of https://github.com/rmusser01/Infosec_Reference . For those who would prefer to not be tracked by MS.

##Social Engineering

TOC

CULL

###Cull

I Will Kill You - Chris Rock (Defcon23) | https://www.youtube.com/watch?v=9FdHq3WfJgs

Pwning People Personally - Josh Schwartz | https://www.youtube.com/watch?v=T2Ha-ZLZTz0

The Social Engineering Framework

  • The Social Engineering Framework is a searchable information resource for people wishing to learn more about the psychological, physical and historical aspects of social engineering.

DiSC Overview

  • DiSC is a personal assessment tool used to improve work productivity, teamwork and communication. DiSC is non-judgmental and helps people discuss their behavioral differences.

http://www.ncbi.nlm.nih.gov/pmc/articles/PMC3152826/

###Articles

Source Handling

Source Recruitment

List of the 48 Laws of Power

Influence: Book notes

###Books

Paul Ekman's research

Toastmaster's guide to body language

Miss Manners Guide to Excellent Manners

Influence: Science and Practice

Art of Deception

Social Engineering: Art of Human Hacking

Anything by Paul Ekman and his research

What Every Body is saying

Art of the Steal

Craft of Intelligence

How to Win Friends and Influence People

Thank You For Arguing, Revised and Updated Edition: What Aristotle, Lincoln, And Homer Simpson Can Teach Us About the Art of Persuasion

The Amy Vanderbilt Complete Book of Etiquette

Propaganda by Edward Bernays

Art of War by Sun Tzu

Language Intelligence: Lessons on persuasion from Jesus, Shakespeare, Lincoln, and Lady Gaga

The Prince by Machiavelli

The Definitive Book of Body Language - Barbara Pease

48 Laws of Power

Thinking Fast and Slow

Unmasking the Social Engineer: The Human Element of Security

Emotions Revealed, Second Edition: Recognizing Faces and Feelings to Improve Communication and Emotional Life

Influence Without Authority

###Presentations:

Social Engineering Like In Movies -- Reality of awareness and manipulation - Dale Pearson- #days

Manipulating Human Minds: The Psychological Side of Social Engineering - Christina Camilleri - CrikeyCon

Psychological Tricks of the Social Engineer - William Tarkington - GrrCON2012

  • While several Social Engineering talks and books focus on the techniques, no one clearly explains why they work. Learn why the techniques are used and what impact they have on behavior. Discover aspects of human social interaction that can be leveraged to accomplish discrete and specific goals. Gain a firm understanding of the limitations of humans' objective reasoning. Finally, understand the social rules that are used to navigate within the social engineering construct.

Social Engineering: The Good, the Bad, and the Ugly -- Stephanie Carruthers

Deceiving the heavens to cross the sea Jayson E Street

How I met your girlfriend - Samy Kamkar - Defcon18

Steal Everything, Kill Everyone, Cause Total Financial Ruin!

  • This is not a presentation where I talk about how I would get in or the things I might be able to do. This is a talk where I am already in and I show you pictures from actual engagements that I have been on. They say one picture is worth a thousand words; I show you how one picture cost a company a million dollars and maybe even a few lives. In a community where we focus so much on the offensive, I also make sure with every attack I highlight, I spend time discussing what would have stopped me. We need to know the problems, but we need more talks providing solutions, and that is what I hope people will get from this. I show the dangers of social engineering and how even an employee with no SE experience can be an eBay James Bond, which can cause total financial ruin to a company. These security threats are real. So are these stories!

Social Engineering: The Gentleman Thief - Apollo Robbins - Defcon21

Go With the Flow Strategies for Successful Social Engineering - Chris Silvers

The Dirty South - David Kennedy and Nick Hitchcock - Defcon21

  • It seems that every day there's a new NextGen firewall, whitelisting and blacklisting, DLP, or the latest technology that's supposed to stop us. But does it really stop "hackers"? Truth is, naw not really. In this talk we'll be showing off the latest bypass techniques for the "latest" hacker stoppers, using a universally whitelisted website as our middle man for a command and control, social engineering our way into some of the toughest companies, and showing off some techniques that work for us. This talk is about throwing misconceptions of protection and safety out the window, and going back the dirty south. Where thinking outside of the box is a requirement. We'll be releasing two new tools, one that makes meterpreter invisible over the network, and the other a shell that uses a popular third party as the command and control. A vulnerability scanner won't help you herrrrrrre.

No-Tech Hacking - Hacking without a Computer - Johnny Long

The Science of Social Engineering: NLP, Hypnosis and the science of persuasion - Defcon15

Beyond Social Engineering: Tools for Reinventing Yourself - Defcon14

  • Managing multiple modular identities is not a trivial task. But that's what the technologies and politics of Now demand. These tools will enable you to create personas at a deep level, then link them into a seamless life.

Social Engineering: When the Phone is More Dangerous than Malware

  • Is social engineering (SE) the most dangerous security threat to your business? The Social-Engineer team will analyze current trends in social engineering through the official (and unofficial) results from the DefCon 21 Social Engineering Capture the Flag event. They will reveal how these attacks work, the latest social engineering research and how to use this information to protect organizations.

What Your Body Tells Me - Body Language for the SE

How do you Feel about your Mother? Psych and The SE - Michele Fincher

[DEF CON 11 Hacking Conference Presentation By Panel - Social Engineering Fundamentals](https://www.youtube.com/watch?v=Pcrmpevn5K0&index=12&list=PLMcNSdhdNcP1RZDn1GtTETHtAN3I6-M-r)

Social Engineering Defense Contractors on LinkedIn and Facebook

Social Engineering, or "hacking people" - DefCamp 2014

The Future of Social Engineering - Sharon Conheady - DeepSec2010

  • Social engineering is hitting the headlines more than ever. As computer security becomes more sophisticated, hackers are combining their technical expertise with social engineering to gain access to IT infrastructures and critical information. In any security programme people are the weakest link. It can often be easier and quicker to target the end user than using technical hacking techniques. When you combine both social engineering and traditional hacking techniques, you have an extremely dangerous attack. So what's next on the social engineering agenda? What are the emerging trends and what social engineering techniques might we expect to see in the future? In this talk, I will give an overview of the types of social engineering attacks people have used throughout the ages, from tricks used by the classic conmen of the past to the phishing attacks that are at an all-time high, and the proliferation of social networking and how useful this is to social engineers. I will describe some of the new social engineering techniques and trends that are emerging and discuss war stories from my experience of social engineering, describing techniques I have used to gain access to sensitive information.

Disguise - Appearance Hacking

Why use makeup?

  • Blend into crowd
  • Pose as employee/vendor
  • Regain access if caught
  • Create distraction for teammates

Whom to disguise as?

  • Technician
  • Sales Executive
  • Goodwill Employee
  • Interview Candidate
  • Easy to see goings on
  • Pedestrian
  • Sidewalk Sleeper

Transform into another person:

  • Can take minutes/hours
  • Examine each physical attribute
  • Some modified easier than others
  • Entire appearance makes the difference. One part is off, whole cover can be blown
  • If using hardhat, make sure to beat the shit out of it. Add stickers.

###Research Papers

Construal-Level Theory of Psychological Distance

  • Abstract: People are capable of thinking about the future, the past, remote locations, another person’s perspective, and counterfactual alternatives. Without denying the uniqueness of each process, it is proposed that they constitute different forms of traversing psychological distance. Psychological distance is egocentric: Its reference point is the self in the here and now, and the different ways in which an object might be removed from that point—in time, in space, in social distance, and in hypotheticality—constitute different distance dimensions. Transcending the self in the here and now entails mental construal, and the farther removed an object is from direct experience, the higher (more abstract) the level of construal of that object. Supporting this analysis, research shows (a) that the various distances are cognitively related to each other, (b) that they similarly influence and are influenced by level of mental construal, and (c) that they similarly affect prediction, preference, and action.