I’ve spent a lot of my time lately working on projects related to social engineering. Writing articles, prepping class material, and just generally having conversations and brushing up on my skills. For those that don’t already know, Chris Nickerson and I are doing a full five-day class on Social Engineering at ChicagoCon in May, and there’s much to prep for.
In preparation, and to give people a brief taste, Chris and I did a webinar last week. Check out the video for the webinar over at EH.net
Also, since Chris leaked it already (when someone SE’d him on EH.net), I’ll post a small snippet of one afternoon of course outline here:
Determining Tests
• Types of testing
o Direction of attacks
o External
? Electronic
• Phishing
• Client-side / browser side exploitation
• Metasploit
• Core
• By hand
• Malicious attachments
? Person to Person
• Phone
• Written
• Social Networks/IM
• Public Manipulation
o Internal
? Person to Person
• Gaining access to physical credentials
• Solicitation
• Direct interaction
• Creating spies / information leak sources
o Methods (al mamalik,qulaam, kgb,cia,others)
o Trading information
• Becoming an employee
? Electronic
• CD/Key drops
• Authentication bypass
• Key /perimeter bypass
• Falsification of credentials
• RFID/ HID copying
Check out the webinar, and hopefully you sign up for the class.