DeepSec 2016 Workshop: Penetration Testing Humans – Bethany Ward & Cyni Winegard
Do you know the film where the victim gets an unsuspecting phone call and dies three days later? No? Relax, it happens in the real world, too. The difference is that you get a quite normal phone call at the office and three days later some of your data has been copied. The technical term is leaked, also known as stolen. All your security measures will be untouched. Why break into a firewall or into servers when you get the access credentials by phone?
Social engineering is an advanced and very persistent threat. You probably get phone calls and emails every day. You may often interact with people you have never seen or met before. Given the right approach they will make you and your employees believe anything. In turn this technique is very efficient for security or penetration tests. If you do security checks or assessments, you should get in touch with the skills of social engineers. When it comes to defence you probably want to know what tricks of the trade are being used against you. This is why we invited two top experts in this field to DeepSec 2016!
In this two-day workshop, attendees will learn not only the history and fundamentals of social engineering, but how to create a personalized pretext unique to their needs. By blending psychology, anthropology, word-crafting, and acting, attendees will practice analysing their target as well as themselves. In this workshop will focus on everything from how to dress to how to phrase questions to increase the probability for a successful compromise.
This is a practical, hands-on course with a lot of interaction and, best of all, practice. To top it all off, the course will end with a contest where attendees get a chance to test their new skills against the instructors. There will be prizes for best showing.
All materials necessary for the course will be provided, but bringing scratch paper is recommended.
We strongly recommend this training for anyone communicating with other people on a daily basis. If you never pick up the phone, answer emails, or open the door, then you are probably safe. Or are you?
Cyni Winegard is currently an Information Security Analyst with TraceSecurity. Starting her career as a Systems Administrator, she has moved into the information security industry and fallen in love with it. In her role at TraceSecurity, she performs penetration testing, security assessments, audits, and social engineering engagements. Cyni has a B.S. in History and Anthropology from Florida A&M University, a Master of Justice Studies in Cybersecurity, and a Graduate Certificate in Terrorism and Homeland Security. She is working on a Master of Digital Forensics degree from the University of Central Florida. She enjoys applying anthropological concepts to social engineering, and is passionate about compromising users. If not lost in cyberspace, Cyni can most likely be found practicing krav maga or playing video games.
Bethany Ward is an Information Security Analyst with TraceSecurity, LLC. In this role she performs pentests, security assessments, IT audits, and social engineering engagements. She has a B.S. in Computer Science from the University of Arkansas. In addition to her technical skills, Bethany is an avid lover of writing, acting, and psychology, and enjoys applying her liberal arts skills to her technical pursuits. Bethany has spoken on social engineering at multiple conferences, including HackMiami and DEF CON. When not being fascinated by security, Bethany enjoys antiquing and playing video games.