Social Engineering Tales Ahmed Abbas Mohammed MCP, E|CHFI, E|CEH, MCSA Azure, MCSA Office365

Upload: ahmed-abbas

Post on 15-Jul-2015

Disclaimer

Introduction about Myself

• Ahmed Abbas Mohammed.

• Graduated from SUST-CSIT, Networks department.

• Currently working as an Information Security Administrator.

• Organizer and speaker at OWASP Khartoum.

• Member at Sudan-T00r and Hex Hex security teams.

• Interested in physical security, security awareness and psychology.

Some Statistics [Microsoft]

Some Statistics [Microsoft Survey]

Who Are You?

Basics of Social Engineering

Social Engineering Tales - 2015

What is social engineering?

• The art of manipulating, influencing, or deceiving you in order to gain control over your computer system. The hacker might use the phone, email, snail mail or direct contact to gain illegal access.

• Why spend thousands of dollars on sophisticated hacking software when you could just trick someone into telling you the password?

Terms

• Confidence trick

• Amygdala hijacking

• Elicitation

• Influencing

• Manipulation

• Pretexting

• Phishing

• Spear-phishing

• Harvesting

• Dumpster diving

• Shoulder surfing

• Tailgating

Attack Methods – Baiting

Attack Methods – Phishing

Attack Methods – Pretexting

Attack Methods – Quid Pro Quo

Attack Methods – Tailgating

Human Weak Points

• Diffusion of Responsibility

• Chance for Ingratiation

• Trust Relationship

• Guilt

• Desire to help

Why is Social Engineering Effective?

• Manipulates legitimate users into undermining their own security system

• Abuses trusted relationships between employees

• Very cheap for the attacker

• Attacker does not need specialized equipment or skills

Hackers Movie, Social Engineering

The Tales

“Save power is save money!”

2011 Recruitment Plan

NSA, and Snowden

Paul Allen, Microsoft

Wells Fargo, You are doing it wrong

My $50,000 Twitter Username Was Stolen

Paris Hilton’s Phone

KDMS team

NATO

Wal-Mart

ICANN

Recorded Demo

How To Protect Yourself

Stopping the Attack

Defense for Companies

Password Policies

Vulnerability Assessments

Data classification

Background Checks

Incident Response

Physical security

Thank you

Social Engineering Tales
Ahmed Abbas Mohammed
MCP, E|CHFI, E|CEH, MCSA Azure, MCSA Office365