Social Engineering- Beyond the Baseline
Brandon Edmunds, Senior Security Consultant, Coalfire Labs
Coalfire Labs does a lot of Social Engineering testing. Traditional Social Engineering testing involves a mundane process of taking a sample of a population and then attacking those “targets” with some pretext calls or a phishing email in order to obtain credentials. Metrics are recorded and then reported back in some form of a deliverable, usually a report. As an example, in a standard Social Engineering engagement, we had a Pretext Calling campaign that included a target selection of 10 users. We made 10 phone calls and talked three of the targeted people out of their passwords.
The Lesson of eBay
Rick Dakin, CEO, Co-founder and Chief Security Strategist
After every major cyber breach, security professionals are asked about the lessons we can learn from them. While the technical details of the eBay attack aren’t yet public, we can already learn lessons about from company’s public statements and its communications to its customers.
My DEFCON social engineering talk and DerbyCon
Noah Beddome, Associate Assessor, Coalfire Labs
This year has been a year of firsts for me and for Coalfire. I was recently hired to my first Information security job as a penetration tester for Coalfire Labs, the forensic and app/network testing side of Coalfire. Many of the Coalfire Labs team attended DEFCON in Las Vegas in early August.. Not only was it my first visit to DEFCON as an attendee but this was my first time speaking at a conference. Because it seems to be a year of firsts, we at Coalfire Labs thought it would be a good idea to share a first time speaker’s experience and an attendee’s views on this year’s DEFCON.