0311, 2016

DeepSec 2016: Social Engineering remains the most dangerous Threat to Companies – DeepSec offers a Workshop on the Defence of social Manipulation as part of IT

Sanna/ November 3, 2016/ Conference, Press, Schedule, Training

If you follow the news on information security, you see superlative after superlative. Millions of passwords were stolen. Hundreds of thousands of cameras suddenly became tools for blackmail. Countless data got copied unauthorized. Often, after a few paragraphs, your read about technical solutions that should put a stop to these burglaries. Therefore one forgets that nowadays hermetically locked doors can be easily opened just by a telephone call or an e-mail message. According to a publication of the British Federation of Small Businesses, almost 50% of attacks are social engineering attacks, which means attacks through social manipulation.Thus, investments in technical defense measures remain completely ineffective. Mere security awareness does not help anymore In the past approaches to defend against attacks on the weak spot human being have focused on awareness trainings. But in our

Read More

0510, 2016

DeepSec 2016 Talk: Social Engineering The Most Underestimated APT – Hacking the Human Operating System – Dominique C. Brack

Sanna/ October 5, 2016/ Conference, Security

Social Engineering is an accepted Advanced Persistent Threat (APT) and is going to stay according to Dominique C. Brack of the Reputelligence, Social Engineering Engagement Framework (SEEF). Most of the high-value hacking attacks include components of social engineering. Understanding the behind the scene methods and approaches of social engineering will help you make the world a safer place. Or make your attack plans more successful! Social Engineering is a topic that does not really fit into technical hacking and is also underestimated by security professionals. There are no tools or hardware you can buy to prevent Social Engineering attacks. But Social Engineering is an APT to be taken seriously, because most attacks consist partly of it and its attack execution and prevention needs training and skills. Social Engineering has progressed and professionalized more than you think. It is disastrously effective.

Read More

0309, 2016

DeepSec 2016 Workshop: Penetration Testing Humans – Bethany Ward & Cyni Winegard

Sanna/ September 3, 2016/ Conference, Security, Training

Do you know the film where the victim gets an unsuspecting phone call and dies three days later? No? Relax, it happens in the real world, too. The difference is that you get a quite normal phone call at the office and three days later some of your data has been copied. The technical term is leaked, also known as stolen. All your security measures will be untouched. Why break into a firewall or into servers when you get the access credentials by phone? Social engineering is an advanced and very persistent threat. You probably get phone calls and emails every day. You may often interact with people you have never seen or met before. Given the right approach they will make you and your employees believe anything. In turn this technique is very

Read More