28C3 - Version 2.3.5

28th Chaos Communication Congress
Behind Enemy Lines

Speakers
Aluc
Schedule
Day Day 4 - 2011-12-30
Room Saal 1
Start time 14:00
Duration 01:00
Info
ID 4856
Event type Lecture
Track Hacking
Language used for presentation English
Feedback

The engineering part of social engineering

Why just lying your way in won't get you anywhere

All the talks i saw about SE so far just showed which good SE's the speakers are. I try to do another approach, what if i get in and don't know what to do then. The talk is about the reconn. before the assessment, the different approaches of SE. Which techniques can one use, how to do a proper intel. and what is useful. How things work and more important why. Which skill set should one have before entering a engagement. And last but not least how do one counter a SE attack.

Preface:

Needed Skillset:

-physical (ie.NLP)

-logical Customer Preparation:

-theoretical models of attack

-check customer needs by his business

-Contract

Preparation & Reconnaissance:

-threat modeling

-physical

-logical

Project Planing:

-Storyboard

-the target

-infiltration

-fetching data/reaching the target

-exfiltrate

-backup plans

Infiltration:

Find & fetch the data:

Exfiltrate the data:

Writing report:

Business impact analyses:

customer meeting: