Your Pen-Test has a Glaring Weakness - Emulating the Attackers Better with Social Engineering

  • Webcast Aired Monday, 10 Mar 2014 1:00PM EDT (10 Mar 2014 17:00 UTC)
  • Speakers: Dave Shackleford, James Lyne

Over the past few years penetration testing has grown by leaps and bounds in being recognized as a key security capability for every enterprise. So too have the capabilities of penetration testers in emulating the high end technical attacks of cyber criminals, hackers or even nation states. Unfortunately, in our experience many organizations are still missing a primary attack vector - one that many attackers have used incredibly successfully over 2013 - social engineering. Gone are the days of sophisticated attackers' social engineering attempts being misspelt, overtly suspicious phishing e-mails (though they will never entirely disappear) and bring on the future of cleverly crafted attacks which ask the user nicely to hand over data.

In this webcast we will discuss the need for social engineering in penetration testing programs, how to avoid the common pitfalls (legal, ethical and technical) and a few top techniques that have a strong history of success from our penetration tests. Learn how awesome social engineering can be and build better awareness of attacks against the human.