45 min listen
Unavailable
Currently unavailable
2018--033-Chris_Hadnagy-SE-OSINT-vishing-phishing-book_interview-pt2
Currently unavailable
2018--033-Chris_Hadnagy-SE-OSINT-vishing-phishing-book_interview-pt2
ratings:
Length:
60 minutes
Released:
Sep 15, 2018
Format:
Podcast episode
Description
Part 2 of our interview with Chris Hadnagy Discuss more about his book, best ways to setup your pre-text in an engagement how you might read someone on a poker table a great story about Chris's favorite person “Neil Fallon” from the rock band “Clutch” and we talk about “innocent lives foundation”, something near and dear to Chris' heart. We start the second part of our interview with Chris with the question “are the majority of your SE engagements phishing and calls, or is it physical engagements?” Sponsored Link (paperback on Amazon): https://amzn.to/2NKxLD9 SEORG book list: https://www.social-engineer.org/resources/seorg-book-list/ Chris’ Podcast: https://www.social-engineer.org/podcast/ SECTF at Derby (contestants are chosen) Remembering - attention to detail Remembering details Can be the difference between success and failure Social Engineering - the different aspects: Info Gathering Time constraints Accommodating non-verbals Body language must match mood Using a slower rate of speech Suspending ego RSVP Rapport Psychology “Getting information without asking for it” Elicitation ‘The Dark Art’ -negative outcome for the target Manipulation “Getting someone to do what you want them to do” Understanding the science of compliance Influence Profiling Communications Modeling Facial Expressions Body Language Don’t overextend your reach Knowledge that comes from a point of truth, or is easily faked Pretexting Emotional Hijacking Misdirection Art Science Questions: What precipitated the need to write another book? You bring up several successful operations, and several failures… How do you regroup from a failure, especially if the point of entry is someone that ‘got you’... “The level of the assistance you request must be equal to the level of rapport you have built” - Seems like understanding this is an acquired skill, not set in stone… Many of us in the infosec world are introverts… how do you suggest we hone our skills in building rapport without coming off as creepy? Work place? On the commute? Does being an introvert mean that it might take longer to get to the goal? Can we use our introverted natures to our advantage? Get Ryan on the show… Lots of items (8 principles of influence) Typical daily SE activities Holding a door open, then the person reciprocates Framing We don’t ‘kill our dogs’, we ‘put them to sleep’. Questions from our Slack: Ben: Do you feel there's an importance for non-InfoSec adjacent folks to learn about Social Engineering, and maybe go through some sort of training in order to navigate day-to-day life in the modern world? What does an interview at Chris’ company look like? https://www.innocentlivesfoundation.org/ Check out our Store on Teepub! https://brakesec.com/store Join us on our #Slack Channel! Send a request to @brakesec on Twitter or email bds.podcast@gmail.com #Brakesec Store!:https://www.teepublic.com/user/bdspodcast #Spotify: https://brakesec.com/spotifyBDS #RSS: https://brakesec.com/BrakesecRSS #Youtube Channel: http://www.youtube.com/c/BDSPodcast #iTunes Store Link: https://brakesec.com/BDSiTunes #Google Play Store: https://brakesec.com/BDS-GooglePlay Our main site: https://brakesec.com/bdswebsite #iHeartRadio App: https://brakesec.com/iHeartBrakesec #SoundCloud: https://brakesec.com/SoundcloudBrakesec Comments, Questions, Feedback: bds.podcast@gmail.com Support Brakeing Down Security Podcast by using our #Paypal: https://brakesec.com/PaypalBDS OR our #Patreon https://brakesec.com/BDSPatreon #Twitter: @brakesec @boettcherpwned @bryanbrake @infosystir #Player.FM : https://brakesec.com/BDS-PlayerFM #Stitcher Network: https://brakesec.com/BrakeSecStitcher #TuneIn Radio App: https://brakesec.com/TuneInBrakesec
Released:
Sep 15, 2018
Format:
Podcast episode
Titles in the series (100)
2020-018- Masha Sedova, bespoke security training, useful metrics to tailor training: Masha Sedova - Founder, Elevate Security Inability to measure human security behaviors leads to increased risk in our computing environments. For too long, we’ve accepted training completion and mock phishing data as a sufficient way to measure this... by BrakeSec Education Podcast