Silent Compromise: Social Engineering Fortune 500 Businesses, presented at DerbyCon VIII Evolution 2018

by Joe Gray

Summary: Social Engineering and Open Source Intelligence (OSINT) are silent modes of compromising businesses. This presentation takes experience from the field and from a simulated compromise of a Fortune 500 in a Social Engineering Capture the Flag, and applies it to help organizations better understand the threat landscape, arming them with actionable advice to employ internally to minimize the impact of such attacks. We also identify places to find data, which provides insight into more valuable data sources. This includes a demo of OSINT techniques, phishing, and a pretexting discussion. This aims to help penetration testers, social engineers, and other interested (and authorized) parties find ways to gain information about an organization and its people in order to overcome the technical limitations of the perimeter and gain access to allow further exploitation.