ct: From our own analysis, phishing attacks for the first time are the number one attack vector superseding direct compromises of perimeter devices. Endpoints are now subjective to a number of different types of attacks and it’s all around targeting the user. This talk will walk through a number of targeted attacks that elicit social engineering aspects in order to gain a higher percentage of success against the victims. Additionally, we’ll be covering newer techniques used by attackers to further their efforts to move laterally in environments. Social engineering is here to stay and the largest risk we face as an industry – this talk will focus on how we can get better.
Dave Kennedy is founder of TrustedSec and Binary Defense Systems. Both organizations focus on the betterment of the security industry from an offense and a defense perspective. David was the former Chief Security Officer (CSO) for a Fortune 1000 company where he ran the entire information security program. Kennedy is a co-author of the book “Metasploit: The Penetration Testers Guide,” the creator of the Social-Engineer Toolkit (SET), and Artillery. Kennedy has been interviewed by several news organizations including CNN, Fox News, MSNBC, CNBC, Katie Couric, and BBC World News. Kennedy is the co-host of the social-engineer podcast and on a number of additional podcasts. Kennedy has testified in front of Congress on two occasions on the security around government websites. Kennedy is one of the co-authors of the Penetration Testing Execution Standard (PTES); a framework designed to fix the penetration testing industry. Kennedy is the co-founder of DerbyCon, a large-scale conference in Louisville Kentucky. Prior to Diebold, Kennedy was a VP of Consulting and Partner of a mid-size information security consulting company running the security consulting practice. Prior to the private sector, Kennedy worked for the United States Marine Corps and deployed to Iraq twice for intelligence related missions.Directing the nature and dynamic of social interactions is at the heart of social engineering. One of the most impactful forms of this is being able to make a functional interaction out of a hostile or uncomfortable one. During this talk we will look at the different levels of intensity within interactions and ways to manage them.