Artwork

Conteúdo fornecido por Black Hat / CMP and Jeff Moss. Todo o conteúdo do podcast, incluindo episódios, gráficos e descrições de podcast, é carregado e fornecido diretamente por Black Hat / CMP and Jeff Moss ou por seu parceiro de plataforma de podcast. Se você acredita que alguém está usando seu trabalho protegido por direitos autorais sem sua permissão, siga o processo descrito aqui https://pt.player.fm/legal.
Player FM - Aplicativo de podcast
Fique off-line com o app Player FM !

Joseph Klein: The Social Engineering Engagement Methodology - A Formal Testing process of the People and Process

40:54
 
Compartilhar
 

Manage episode 155121483 series 1146744
Conteúdo fornecido por Black Hat / CMP and Jeff Moss. Todo o conteúdo do podcast, incluindo episódios, gráficos e descrições de podcast, é carregado e fornecido diretamente por Black Hat / CMP and Jeff Moss ou por seu parceiro de plataforma de podcast. Se você acredita que alguém está usando seu trabalho protegido por direitos autorais sem sua permissão, siga o processo descrito aqui https://pt.player.fm/legal.
The security of an organization is composed of technology, people and processes. In the last few years, many organizations have done a good job addressing technology but have focused very little on the people and processes. This presentation reviews the formal methodology for performing Social Engineering Engagements. The method is divided into four sections including the Pre-Engagement, Pre-Assessment, Assessment and Post-Assessment. The Pre-Engagement, is the sales process for performing the assessment. In this section, we will review the business justification and headlines of current attacks. Pre-Assessment if focused on identifying the scope of the project, limitation, targets and attack vectors. Also included are examples of what information must be gathers for use in the assessment and post assessment phase. The most interesting and tedious part is the actual assessment. In this section, we will discuss how to engage the target, utilize company information, how to achieve the goal and what to do when you are caught. Included in this section is also how and what to document about every contact. Post assessment is the analysis and reporting phase. In it, we will review documenting findings, and mapping them to recommendations. Joe Klein, CISSP is Senior Security Consultant at Honeywell and a member of the IPv6 Business Council. He performs network, application, web-application, wireless, source-code, host security reviews and security architecture design services for clients in the commercial and government space Prior to joining Honeywell, Joe worked as a consultant performing attack and penetration assessments for many significant companies in the IT arena. While consulting, Joe also taught "Hacking and Incident Handling", "IDS/IPS management" and "Managing Network Security" at a local college in Jacksonville Florida. He regularly speaking at conferences including Defcon, InfoSecWorld, PhreakNic and regional meetings including Infragard, ASIS and ISSA.>
  continue reading

61 episódios

Artwork
iconCompartilhar
 
Manage episode 155121483 series 1146744
Conteúdo fornecido por Black Hat / CMP and Jeff Moss. Todo o conteúdo do podcast, incluindo episódios, gráficos e descrições de podcast, é carregado e fornecido diretamente por Black Hat / CMP and Jeff Moss ou por seu parceiro de plataforma de podcast. Se você acredita que alguém está usando seu trabalho protegido por direitos autorais sem sua permissão, siga o processo descrito aqui https://pt.player.fm/legal.
The security of an organization is composed of technology, people and processes. In the last few years, many organizations have done a good job addressing technology but have focused very little on the people and processes. This presentation reviews the formal methodology for performing Social Engineering Engagements. The method is divided into four sections including the Pre-Engagement, Pre-Assessment, Assessment and Post-Assessment. The Pre-Engagement, is the sales process for performing the assessment. In this section, we will review the business justification and headlines of current attacks. Pre-Assessment if focused on identifying the scope of the project, limitation, targets and attack vectors. Also included are examples of what information must be gathers for use in the assessment and post assessment phase. The most interesting and tedious part is the actual assessment. In this section, we will discuss how to engage the target, utilize company information, how to achieve the goal and what to do when you are caught. Included in this section is also how and what to document about every contact. Post assessment is the analysis and reporting phase. In it, we will review documenting findings, and mapping them to recommendations. Joe Klein, CISSP is Senior Security Consultant at Honeywell and a member of the IPv6 Business Council. He performs network, application, web-application, wireless, source-code, host security reviews and security architecture design services for clients in the commercial and government space Prior to joining Honeywell, Joe worked as a consultant performing attack and penetration assessments for many significant companies in the IT arena. While consulting, Joe also taught "Hacking and Incident Handling", "IDS/IPS management" and "Managing Network Security" at a local college in Jacksonville Florida. He regularly speaking at conferences including Defcon, InfoSecWorld, PhreakNic and regional meetings including Infragard, ASIS and ISSA.>
  continue reading

61 episódios

ทุกตอน

×
 
Loading …

Bem vindo ao Player FM!

O Player FM procura na web por podcasts de alta qualidade para você curtir agora mesmo. É o melhor app de podcast e funciona no Android, iPhone e web. Inscreva-se para sincronizar as assinaturas entre os dispositivos.

 

Guia rápido de referências