DeepSec 2023 Press Release: Open Source Intelligence Training for Companies – DeepSec Conference offers OSINT Training in IT Security Skills.
In information security, the focus is often placed on technical solutions and ready-made security products. Successful attacks always start with the reconnaissance of information from freely available sources. This so-called Open Source Intelligence (OSINT) is closely interwoven with social engineering methods, which are an indispensable part of successful attacks. The DeepSec conference offers a two-day intensive training course on this topic.
A head start through the right information
Reports on data leaks at companies rarely reflect the actual process. Although it is often simplistically mentioned that social engineering was used in a phishing attack, the methods have changed considerably in recent years. The path to a successful phishing message involves many steps and enormous preparation. Any publicly available information is collected and analysed by the attackers. Most companies and organisations have weak points in this area, which can be found with sufficient preparation and time. To improve your own defence, you need to understand how your opponents’ measures and processes work.
Psychology as a weapon
From a sober point of view, social engineering attacks usually appear to be less spectacular. This appearance is deceptive, because psychological knowledge about the victims plays an indispensable role. The intensive training during the DeepSec conference will look at this aspect in detail. Case studies of documented attacks will serve as objects of study. This includes the background information that was compiled specifically for these attacks. Christina Lekati, the trainer, will illustrate how this data was gathered. She will contribute her specialism in psychology. Phishing messages can be thought of as executable code that is run on the personalities of the targets. As people are very different, the information to be responded to must be optimised. With the right preparation work, success rates of over 80% can be achieved.
Once you understand exactly what the preparation looks like, you can use this knowledge for your own defence. The DeepSec workshop uses examples to establish links to companies and individuals. Of course, you can also use this knowledge to improve your own behaviour in the face of social engineering attacks. This allows you to organise your company’s internal awareness campaigns more effectively. Unfortunately, even experts still only understand attack prevention to mean simple checklists for behaviour or for assessing message attachments. These methods are no longer sufficient in case of a well-prepared attack.
Developing effective defence strategies
The two-day course ends with the development of effective defence strategies. This requires a combination of known technologies, psychological aspects, knowledge of internal processes in the target organisations and so-called counterintelligence methods. The latter originate from counter-intelligence approaches used by the military. The techniques have developed further and can be transferred to your own organisation with the background knowledge imparted in the workshop. It is important to adapt them precisely to processes, as no two organisations can be attacked in the same way. Ultimately, one must not be blinded by technical protection options, because well forged messages pass all plausibility checks.
Programme and booking
The DeepSec 2023 conference days are on 16 and 17 November. The DeepSec training sessions will take place on the two preceding days, 14 and 15 November. All training sessions (with announced exceptions) and presentations are planned as face-to-face events. For registered participants there will be a stream of the presentations on our internet platform. Discounted streaming tickets with exclusive access to recordings are also available.
The DeepINTEL Security Intelligence Conference will take place on 15 November. As this is a closed event, please send direct enquiries about the programme to our contact addresses. Please use strong end-to-end encryption for communication with us as indicated on our contact page https://deepsec.net/contact.html.
Tickets for the DeepSec conference and training sessions can be ordered online at any time via the link https://deepsec.net/register.html. Discount codes from sponsors are available. If you are interested, please contact us at deepsec@deepsec.net. Please note that we are dependent on timely ticket orders due to the planning security of the event.