Everyone knows what phishing is. Everyone realizes Java applets lead to massive storms of shells. Everyone accepts tailgating is the easiest way into your building. Everyone knows smoking (areas) are bad for you AND your business. Admit it, you paid for that EXACT assessment last year. I could write your report for you without even doing the job. So what’s the problem you ask? That’s EXACTLY the problem, I say. So how do we fix these issues that plague our industry and misalign business expectations? This talk will discuss the value of Social Engineering exercises when conducted with realistic goals yielding actionable results. Of course, that means putting in REAL work throughout the engagement, not “point, click, report, rinse and repeat”. We’ll discuss tips, techniques and secrets that the PROS don’t always blog about. PRO TIP – This won’t be a talk on how to use a particular framework or release of a tool (there are plenty of those already). So bring your work boots, it’s time to get dirty and UP your game.
Eric Smith (@InfoSecMafia) is a Senior Partner and Principal Consultant at LARES. Eric specializes in penetration testing with over 15 years of experience in the IT/IS industry. Eric is well versed in a variety of Risk Assessment services and has extensive experience in penetration testing, insider threat assessments, Social Engineering, physical security and Red Team engagements. When Eric isn’t compromising large scale, heavily protected fortresses, he goes on retreats in search of unicorns, horseshoes and hidden treasures that many claim to be “suicide missions”. Eric was also born with invisible gills and is referred to by close friends and closer enemies as the “phish whisperer”.