While we have a workshop on social engineering for you at DeepSec 2015, we do not do any trainings or exercises before the DeepSec event starts. A speaker alerted us that he got a cold call from a company offering cheap rates for accommodation. In case you have received any call from Exhibition Housing Management (EHM) and Exhibitors Housing Services (EHS), you can safely hang up. Both organisations have been used for scams in the past. Apparently they are alive and kicking. We thank EHS/EHM for providing exercise material and contact data for use during the conference.
Social Engineering engagements can appear to be easy, especially to someone who already has experience in the Information Security industry. All InfoSec consultants have experienced situations where they’ve been let into a meeting or to perform an onsite engagement without the correct paperwork or permission, and we’ve all heard the stories of successful Social Engineering assignments. Combined with frequent news stories on the success of spear phishing and „blagging“ it can seem as though the simplest of attacks will inevitably compromise a target. However selling, scoping, executing and reporting on regular Social Engineering engagements requires a thorough understanding of the processes, techniques and risks involved, as well as the concepts and issues around Social Engineering in general. With that understanding you can ensure that you have those stories to tell to your peers, and