42: Human Hacking & Social Engineering

What is Social Engineering (SE) and why should developers care? It is the ability to manipulate. It is the power to influence, elicit, and misdirect. It is a means hackers can use, for better or worse, to breach or protect companies, start or stop cyber wars, commit or prevent cyber crimes, and steal or secure your data.

Social Engineer, hacker, & author Chris Hadnagy (@humanhacker) discusses the dangers technology companies & developers are exposed to everyday. Social Engineering has become an art form. It can be used to help or hinder others. Those that help prevent SE attacks like Chris are known as White Hats. Those that seek to harm and take from others with malicious intent are known as Black Hats.

To Black Hats, we are just obstacles standing in the way of their goals. These individuals will do whatever they must to get us to reveal our secrets. Most times we even do this willingly, without ever realizing we have been hacked until it’s too late. Seemingly trivial information to us may just be the last crucial piece of information a Black Hat needs.

All the firewalls & countermeasures in the world can’t protect us from ourselves. We can’t afford to have our applications, our money, our lives hacked to bits because of our human nature. Chris talks with us on how we can prevent this from happening to us and our teams.

Upcoming Events with Chris Hadnagy

• DEF CON 23 SECTF - http://www.social-engineer.org/ctf/def-con-23-sectf-rules-registration/

• Black Hat USA 2015 in Las Vegas - https://www.blackhat.com/us-15/training/advanced-practical-social-engineering.html

• SE Training  in Baltimore, MD - https://www.social-engineer.com/store/#!/5-9-October-2015-Advanced-Practical-Social-Engineering-Baltimore-MD/p/43984300/category=3286162

Resources

• Books by Chris

• Social Engineering : The Art of Human Hacking

• Unmasking The Social Engineer

• Phishing Dark Waters: The Offensive and Defensive Sides of Malicious Emails

• Books by Kevin Mitnick

• The Art of Deception: Controlling the Human Element of Security

• The Art of Intrusion: The Real Stories Behind the Exploits of Hackers, Intruders and Deceivers

• Social-engineer.org - http://www.social-engineer.org/

• Social-engineer.com - http://www.social-engineer.com/

• Paul Ekman Group - http://www.paulekman.com/

• The Social Engineering Podcast - http://www.social-engineer.org/category/podcast/

• @SocEngineerInc Twitter account  - https://twitter.com/SocEngineerInc

• The Social Engineer Podcast episode 64 - http://www.social-engineer.org/podcast/ep-064-official-john-mcafee-social-engineer/

• The Social Engineering Framework - http://www.social-engineer.org/framework/general-discussion/

• Archive.org - https://archive.org/

Panelists

• Danny Blue - Front End Engineer at Deloitte Digital

• Erik Isaksen - HTML5 Google Developer Expert & Front End Engineer at Deloitte Digital