Description Present your social engineering experience or fictional story on how to deceive or manipulate people in the attacker's malicious interest.
Website(s) https://pads.ccc.de/32c3-seps
Type Talk
Kids session No
Keyword(s) social, art, hacking, security
Tags Social Engineering
Person organizing Uebelhacker
Language
{{{Held in language}}}
Other sessions...
Starts at 2015/12/29 19:00
Ends at 2015/12/29 21:00
Duration 120 minutes
Location Hall C.1

updates here if wiki down: https://pads.ccc.de/32c3-seps (slammers appear at least 30min in advance)


tl;dr

Present your social engineering experience or fictional story on how to deceive or manipulate people in the attacker's malicious interest.


Disclaimer

This pilot slam is the follow-up session of the bootstrapping session from day 1 (http://32c3-wiki.top/congress/2015/wiki/Session%3ASocial_Engineering_Poetry_Slam_bootstrap).


Call for Poets (CfP)!

Present your social engineering experience or fictional story on how to deceive or manipulate people in the attacker's malicious interest, e.g., how you got social engineered or heard from a social engineering incident or how someone managed to detect and mitigate it. This session works similar to poetry slams. On 32C3 this event is pilot slam due to the short preparation time for slammers.


How to become a slammer?

Register yourself on the slammer list in the pad (https://pads.ccc.de/32c3-seps) and appear at the venue at least 30min in advance. If enough people want to present their social engineering stories, the event will happen as a slam; otherwise, we can discuss social engineering attacks. After the list is shuffled, you present your social engineering story in 10min — you can decide in which form and style, but you can use your voice only: no beamer for slides; no direct interaction with the audience (and do no harm), no other "tools" like for magicians. Please, respect the privacy of others if you talk about sensitive information. Few previously chosen members of the audience will rate your talk. Due to the short time, we will conduct one round only without a typical final round for the "best" three. The winner will get an "award" ;) The audience jury members can assess (1-10, and hopefully audience is not social engineered ;) the presented stories based on e.g.,

  • presentation style
  • novelty
  • creativity
  • feasibility of attack
  • feasibility of real-life experiments
  • scalability of attack


Why all this?

A poetry slam can be a novel research approach to find stories of social engineering attacks, fictional or experienced. This slam will give us a new platform to discover and discuss afterwords social engineering.

There are many definitions of social engineering in the wild, but for me in short: a human interaction needs to be present to enable the attack, i.e., dumpster diving is not social engineering, it's just gathering pre-attack information, but (spear) phishing or scams like the "Enkeltrick" are. The community discusses some persuasion principles of why people succumb to these attacks. Presentations can base on these principles:

  • Stajano/Wilson (2009): Distraction, Herd principle, Time principle, Dishonesty, Need and Greed, Deception, Social Compliance
  • Cialdini (2001): Authority, Scarcity, Commitment & Consistency, Liking, Social Proof, Reciprocity