Exploits in Wetware

Explore the world of social engineering attacks in this eye-opening conference talk from BruCON Security Conference. Delve into Robert Sell's third-place experience at the Defcon 2017 SE CTF, showcasing the alarming ease of obtaining sensitive information from organizations. Examine the dramatic growth of social engineering attacks as reported in the 2017 Verizon report. Learn about OSINT techniques used to gather hundreds of data points on target organizations, including VPN details, OS information, patch levels, and executive personal data. Discover vishing strategies employed to maximize point collection in time-constrained contests. Uncover tricks of the trade, such as the "incorrect confirmation" method, designed to extract information from targets. Analyze various pretexts crafted to attack companies and the emotional responses they aim to trigger. Consider the potential consequences of social engineering attacks, including financial losses and organizational repercussions. Conclude with practical strategies for reducing exposure and risk, covering current vulnerabilities, building robust defenses, adopting offensive measures, and implementing crucial cultural shifts within organizations.