Podcasts about sectf

The main organizers of the Collegiate SECTF include Temple University's CARE Lab of Professor Aunshul Rege, Rachel Bleiman and Katorah Williams, plus Patrick Laverty from Layer 8 Conference. In this episode, the team discusses the origins of the SECTF, how it works, who can compete, as well as the impressions of the competition by graduate students Rachel and Katorah. If you are a college student and would like to compete in this tournament, this is a can't miss episode!

From October 2nd to 4th, six teams competed in the first ever Collegiate Social Engineering Capture the Flag competition at Temple University. They were tested on their ability to perform OSINT, create a phishing email and even make phone calls to gain information. This episode speaks with the creator of the competition, Professor Aunshul Rege and the winner of the competition, a one-woman team from Noroff University College in Norway, Ragnhild "Bridget" Sageng. We also have one of the judges with us, our long time friend and all around great person, TinkerSec! Stay tuned for announcements about the second annual competition, coming soon!

In this episode, industry pioneer Chris Hadnagy explains the role of psychology, empathy, and personal growth in the Social Engineering field. Here are some of the topics covered:0:00 Content Warning: Child Abuse, Child Sexual Trauma00:30 Introduction to Episode 10 featuring Chris Hadnagy01:30 Chris in retrospect: teenage years, 20s, computers, and then “Social Engineering”03:30 What is social Engineering?05:00 Psychology’s Role in the Framework10:22 Social Engineering: Is there anything that is “off limits”? 12:00 "Find another Way" 14:20 The Origin Story of The Innocent Lives Foundation, @InnocentOrg18:50 The Infosec industry and CST (Childhood Sexual Trauma)20:00 Innocent Lives Foundation Non-Vigilantism, Mental Health and Safety22:30 Chris's Advice to anyone who finds CP23:50 A Shocking Statistic about Child Predators25:00 Capture the Flags and the Establishment of the SECTF at DEFCON17 (shoutout to @DarkTangent)28:00 What is the SECTF? 29:40 SE Village as an "Oasis"30:45 OSINT's role33:00 Alethe and Rachel have changed the entire game of social engineering34:00 Chris's philosophy on being a boss37:08 Unconditional praise for Ryan McDougall 38:20 Entrepreneurship and Risk44:40 "Cooking Through" COVID19 Isolation46:30 Virtual Workers, Virtual Teams50:30 Advice to a younger Chris52:00 Wrap up: How you can help Innocent Lives FoundationAbout Chris: Christopher Hadnagy is the founder and CEO of Social-Engineer, LLC, and the CEO of the nonprofit Innocent Lives Foundation. Chris possesses more than 17 years of experience as a practitioner and researcher in the security field. His efforts in training, education, and awareness have helped to expose social engineering as the top threat to the security of organizations today. Chris established the world’s first social engineering penetration testing framework at www.social-engineer.org, providing an invaluable repository of information for security professionals and enthusiasts. That site grew into a dynamic web resource, including a podcast and a newsletter, which have become staples in the security industry and are referenced by large organizations around the world. Chris also created the first hands-on social engineering training course and certification, Advanced Practical Social Engineering, attended by law enforcement, military, and private-sector professionals. In 2017, he started an InfoSec community initiative nonprofit called The Innocent Lives Foundation. He gathered experts from the field in OSINT, investigation, and other areas to help assist law enforcement in tracing, tracking, and unmasking child predators who try to hide online. More information can be found at www.innocentlivesfoundation.org. Follow Chris Hadnagy: @HumanHackerFollow Tribe of Hackers podcast: @ToHpodcastFollow RayRedacted: @RayRedacted

Alethe Denis & Chris Kirsch talk about competing in SECTF competitions, OSINT in general, and skills such as vishing. This is a good conversation to listen to if you're trying to learn more about aspects of social engineering, especially in competition scenarios.

Episode Highlights: Alethe shares her initial thoughts on receiving details about her target company. One mistake Alethe made in her first competition was misunderstanding that you can repeat flags. Alethe outlines how she prepared for the second competition, including watching re-enactment videos. Chris and Alethe discuss the importance of pretext and the key switch Alethe made. Alethe describes the experience of bringing a young baby to DefCon. She spent over 100 hours of time on her OSINT report. She spent even more time getting ready for the calls. Alethe tells us the most dangerous OSINT she found in her research. Alethe compares real-life vishing to competitive vishing. The time factor gave Alethe anxiety during her first competition. Learn how she managed this the second time around. They discuss the name game and how to use it effectively or ineffectively. Learn the important way the black badge changed Alethe’s life.   3 Key Points: Dedicate a big chunk of time to prepare for the conference by listening to podcast episodes, watching re-enactments, and preparing your OSINT report. In her OSINT research, Alethe was able to find information as dangerous as the types of equipment and software the company used freely available to the public. In real-life vishing, you have time to establish rapport. Competitive vishing moves much faster. Resources Mentioned: Chris Kirsh re-enactment video Alethe Denis Twitter, LinkedIn The Hitchhiker’s Guide to the Galaxy (book) Innocent Lives Foundation Human Hacker Twitter SE Village Twitter

                  So many times we get asked how can you become a professional social engineer.  This month we talk to two amazing women who were never in the industry, took a huge risk and it paid off.  Join us in this fascinating conversation with Whitney Maxwell and Rachel Tobac. These two wonderful personify doing things ethically, honestly and with empathy.  They are an amazing example to our community and we had a great opportunity to talk about: How did you get into the SECTF? How did winning change your life? Did you get into SE because of it? Does Whitney really have relatives with everyone's name? Why is Rachel so scary? So much more.....   Whitney Maxwell can be found on Twitter at https://twitter.com/whitneynmaxwell/ and her book recommendations are: The Harry Potter Series The Midnight Line - A Jack Reacher Novel Crucial Conversations: Tools for Talking When Stakes are High by McGraw-Hill Education Smart Women Finish Rich by David Bach Everything That Rises Must Converge: Stories (FSG Classics) Paperback – by Flannery O'Connor   Rachel Tobac can be found on Twitter at https://twitter.com/racheltobac and her book recommendations are: Influence by Robert Cialdini Bossy Pants by Tina Fey As well as recommending two other podcasts: Masters of Scale by Reed Hoffman & How I Built This - Guy Raz

Part 2 of our interview with Chris Hadnagy Discuss more about his book, best ways to setup your pre-text in an engagement how you might read someone on a poker table a great story about Chris's favorite person “Neil Fallon” from the rock band “Clutch” and we talk about “innocent lives foundation”, something near and dear to Chris' heart. We start the second part of our interview with Chris with the question “are the majority of your SE engagements phishing and calls, or is it physical engagements?”   Sponsored Link (paperback on Amazon): https://amzn.to/2NKxLD9 SEORG book list: https://www.social-engineer.org/resources/seorg-book-list/ Chris’ Podcast: https://www.social-engineer.org/podcast/   SECTF at Derby (contestants are chosen)       Remembering - attention to detail     Remembering details     Can be the difference between success and failure   Social Engineering - the different aspects: Info Gathering Time constraints Accommodating non-verbals Body language must match mood Using a slower rate of speech Suspending ego RSVP Rapport Psychology “Getting information without asking for it” Elicitation ‘The Dark Art’ -negative outcome for the target Manipulation “Getting someone to do what you want them to do” Understanding the science of compliance Influence Profiling Communications Modeling Facial Expressions Body Language Don’t overextend your reach Knowledge that comes from a point of truth, or is easily faked Pretexting Emotional Hijacking Misdirection Art Science       Questions:     What precipitated the need to write another book?     You bring up several successful operations, and several failures…         How do you regroup from a failure, especially if the point of entry is someone that ‘got you’... “The level of the assistance you request must be equal to the level of rapport you have built” -     Seems like understanding this is an acquired skill, not set in stone…   Many of us in the infosec world are introverts… how do you suggest we hone our skills in building rapport without coming off as creepy? Work place? On the commute? Does being an introvert mean that it might take longer to get to the goal? Can we use our introverted natures to our advantage?         Get Ryan on the show…                             Lots of items (8 principles of influence)      Typical daily SE activities     Holding a door open, then the person reciprocates   Framing     We don’t ‘kill our dogs’, we ‘put them to sleep’.   Questions from our Slack:   Ben: Do you feel there's an importance for non-InfoSec adjacent folks to learn about Social Engineering, and maybe go through some sort of training in order to navigate day-to-day life in the modern world?   What does an interview at Chris’ company look like?   https://www.innocentlivesfoundation.org/     Check out our Store on Teepub! https://brakesec.com/store Join us on our #Slack Channel! Send a request to @brakesec on Twitter or email bds.podcast@gmail.com #Brakesec Store!:https://www.teepublic.com/user/bdspodcast #Spotify: https://brakesec.com/spotifyBDS #RSS: https://brakesec.com/BrakesecRSS #Youtube Channel:  http://www.youtube.com/c/BDSPodcast #iTunes Store Link: https://brakesec.com/BDSiTunes #Google Play Store: https://brakesec.com/BDS-GooglePlay Our main site:  https://brakesec.com/bdswebsite #iHeartRadio App:  https://brakesec.com/iHeartBrakesec #SoundCloud: https://brakesec.com/SoundcloudBrakesec Comments, Questions, Feedback: bds.podcast@gmail.com Support Brakeing Down Security Podcast by using our #Paypal: https://brakesec.com/PaypalBDS OR our #Patreon https://brakesec.com/BDSPatreon #Twitter: @brakesec @boettcherpwned @bryanbrake @infosystir #Player.FM : https://brakesec.com/BDS-PlayerFM #Stitcher Network: https://brakesec.com/BrakeSecStitcher #TuneIn Radio App: https://brakesec.com/TuneInBrakesec  

Christopher Hadnagy Interview: Origin story connoisseur  of moonshine Social Engineering: The Science of Human Hacking 2nd Edition Sponsored Link (paperback on Amazon): https://amzn.to/2NKxLD9 SEORG book list: https://www.social-engineer.org/resources/seorg-book-list/ Chris’ Podcast: https://www.social-engineer.org/podcast/   SECTF at Derby (contestants are chosen)       Remembering - attention to detail     Remembering details     Can be the difference between success and failure Social Engineering - the different aspects: Info Gathering Time constraints Accommodating non-verbals Body language must match mood Using a slower rate of speech Suspending ego RSVP Rapport Psychology “Getting information without asking for it” Elicitation ‘The Dark Art’ -negative outcome for the target Manipulation “Getting someone to do what you want them to do” Understanding the science of compliance Influence Profiling Communications Modeling Facial Expressions Body Language Don’t overextend your reach Knowledge that comes from a point of truth, or is easily faked Pretexting Emotional Hijacking Misdirection Art Science       Questions:     What precipitated the need to write another book?     You bring up several successful operations, and several failures…         How do you regroup from a failure, especially if the point of entry is someone that ‘got you’... “The level of the assistance you request must be equal to the level of rapport you have built” -     Seems like understanding this is an acquired skill, not set in stone…   Many of us in the infosec world are introverts… how do you suggest we hone our skills in building rapport without coming off as creepy? Work place? On the commute? Does being an introvert mean that it might take longer to get to the goal? Can we use our introverted natures to our advantage?         Get Ryan on the show…                             Lots of items (8 principles of influence)      Typical daily SE activities     Holding a door open, then the person reciprocates   Framing     We don’t ‘kill our dogs’, we ‘put them to sleep’. Questions from our Slack:   Ben: Do you feel there's an importance for non-InfoSec adjacent folks to learn about Social Engineering, and maybe go through some sort of training in order to navigate day-to-day life in the modern world?   What does an interview at Chris’ company look like?   https://www.innocentlivesfoundation.org/     Check out our Store on Teepub! https://brakesec.com/store Join us on our #Slack Channel! Send a request to @brakesec on Twitter or email bds.podcast@gmail.com #Brakesec Store!:https://www.teepublic.com/user/bdspodcast #Spotify: https://brakesec.com/spotifyBDS #RSS: https://brakesec.com/BrakesecRSS #Youtube Channel:  http://www.youtube.com/c/BDSPodcast #iTunes Store Link: https://brakesec.com/BDSiTunes #Google Play Store: https://brakesec.com/BDS-GooglePlay Our main site:  https://brakesec.com/bdswebsite #iHeartRadio App:  https://brakesec.com/iHeartBrakesec #SoundCloud: https://brakesec.com/SoundcloudBrakesec Comments, Questions, Feedback: bds.podcast@gmail.com Support Brakeing Down Security Podcast by using our #Paypal: https://brakesec.com/PaypalBDS OR our #Patreon https://brakesec.com/BDSPatreon #Twitter: @brakesec @boettcherpwned @bryanbrake @infosystir #Player.FM : https://brakesec.com/BDS-PlayerFM #Stitcher Network: https://brakesec.com/BrakeSecStitcher #TuneIn Radio App: https://brakesec.com/TuneInBrakesec

 It might not come as a shock to you that we here at SEORG love Neil Fallon and Clutch. Having Neil out at DEF CON was an amazing experience.  After 4 long days at DEF CON we hosted our annual live podcast for Episode 108. Join us as: Neil fixes Chris' technical issues. We discuss ways to improve the SEVillage We talk about professional SE work  and we suffer through our final sleep deprived moments in Vegas.... You can follow Neil on Twitter at: @npfallon Check out Chris' latest book: Social Engineering: The SCIENCE of Human Hacking

Joe gray is a Senior Security Architect at IBM and has his own blog and podcast called Advanced Persistent Security. Joe presented a talk at RSA this year on social engineering and OSINT.

Rachel is co-founder and CEO of Social Proof Security and Chair of the Board of Women In Security and Privacy.

Bill Sempf and I watched a movie called Sneakers. This episode is sponsored by Smartsheet. This is an extra-large, jumbo-sized, special episode of Cross Cutting Concerns. There's just too much awesome in Sneakers to fit in a 15 minute episode. But don't worry, I'll be back to regular length episodes starting next week! Show Notes: Sneakers is a 1992 movie. If you haven't seen it yet, go watch it first, because this podcast contains spoilers! It's available to stream on Amazon, and it is well worth a purchase. Check out the incredible cast on IMDb (and also peek at the trivia section) An interview with Bob Abbott RSA - named after Rivest, Shamir, Adleman Intel's 49 qubit chip Fluhrer, Mantin, and Shamir attack on RC4 Book: Brute Force: Cracking the Data Encryption Standard by Matt Curtin We mentioned: Dark Web, Deep Web, Tor, look it up OSINT Framework by Justin Nordine Blue Team vs Red Team Conferences: CodeMash, DerbyCon David Kennedy segment on CNN Money Podcast: Security Through Education - Episode 098: Winning the SECTF with Chris & Rachel The Economist cover and story: The world’s most valuable resource is no longer oil, but data Bitcoin was mentioned Paper: Smartphone User Identity Verification Using Gait Characteristics (gait analysis) Comic: XKCD on Security Captain Crunch = John Draper, here's a video from ABC News Tiger Team: Car Dealer Takedown OWASP Bill Sempf is on Twitter. Want to be on the next episode? You can! All you need is the willingness to talk about something technical. Music is by Joe Ferg, check out more music on JoeFerg.com!

Chris Kirsch, the 1st place winner of the SECTF, is a returning competitor that came back to prove to himself how and why he CAN win this competition after his previous attempt was ...um... not so great. Rachel Tobac is our scariest competitor but also one of our most positive and sweetest.  She comes back to yet again take 2nd place in the SECTF this year. We will discuss: What helped you win? What is one of the most important lessons? Would you recommend others try the SECTF?   Do you want to see their entrance videos? Chris Kirsch: https://youtu.be/2FUkbes6Wgc Rachel Tobac: https://youtu.be/UuWRT4rpmX8

Michelle (@MlleLicious) was one of the contestants who competed on Friday in the Social Engineering Capture The Flag (SECTF). This year the SECTF focused on video game companies and Michelle (happily) pulled Disney. Getting up on stage in front of hundreds of people is already a nerve racking proposition. Now add in that you have to interact with another human being to try and get them to divulge information for points. As you'll hear this was Michelle's first year at DEFCON. She dove right in to the event and walked away from the even with an amazing experience.

Kevin Roose is a business and technology writer for New York magazine and the Daily Intelligencer blog. He has written several books including The Unlikely Disciple: A Sinner's Semester at America's Holiest University and Young Money: Inside the Hidden World of Wall Street's Post-Crash Recruits. In 2015, Kevin asked Chris and his team of expert social engineers to hack him.  There was no restrictions - phishing, vishing, impersonation and a complete d0x were all on the table.  If haven't seen the outcome you can view in on the YouTube Video that already has over 2 million views. We thought it would be a great idea to invite Kevin on the show and ask him a few questions: What gave you this crazy idea? Did you think you would come out the victor? How did you really feel as you realized you where pwned? How has it affected you after the hack? Anything you do differently now? And so much more....

Another amazing year at DEF CON and the women have again dominated the SECTF.  Join us with our first and second place winners, Jen and Jon, to discuss strategy and how to win.... Sept 14, 2015

What is Social Engineering (SE) and why should developers care? It is the ability to manipulate. It is the power to influence, elicit, and misdirect. It is a means hackers can use, for better or worse, to breach or protect companies, start or stop cyber wars, commit or prevent cyber crimes, and steal or secure your data.   Social Engineer, hacker, & author Chris Hadnagy (@humanhacker) discusses the dangers technology companies & developers are exposed to everyday. Social Engineering has become an art form. It can be used to help or hinder others. Those that help prevent SE attacks like Chris are known as White Hats. Those that seek to harm and take from others with malicious intent are known as Black Hats.   To Black Hats, we are just obstacles standing in the way of their goals. These individuals will do whatever they must to get us to reveal our secrets. Most times we even do this willingly, without ever realizing we have been hacked until it's too late. Seemingly trivial information to us may just be the last crucial piece of information a Black Hat needs.   All the firewalls & countermeasures in the world can't protect us from ourselves. We can't afford to have our applications, our money, our lives hacked to bits because of our human nature. Chris talks with us on how we can prevent this from happening to us and our teams. Upcoming Events with Chris Hadnagy DEF CON 23 SECTF - http://www.social-engineer.org/ctf/def-con-23-sectf-rules-registration/ Black Hat USA 2015 in Las Vegas - https://www.blackhat.com/us-15/training/advanced-practical-social-engineering.html SE Training  in Baltimore, MD - https://www.social-engineer.com/store/#!/5-9-October-2015-Advanced-Practical-Social-Engineering-Baltimore-MD/p/43984300/category=3286162 Resources Books by Chris Social Engineering : The Art of Human Hacking Unmasking The Social Engineer Phishing Dark Waters: The Offensive and Defensive Sides of Malicious Emails Books by Kevin Mitnick The Art of Deception: Controlling the Human Element of Security The Art of Intrusion: The Real Stories Behind the Exploits of Hackers, Intruders and Deceivers Social-engineer.org - http://www.social-engineer.org/ Social-engineer.com - http://www.social-engineer.com/ Paul Ekman Group - http://www.paulekman.com/ The Social Engineering Podcast - http://www.social-engineer.org/category/podcast/ @SocEngineerInc Twitter account  - https://twitter.com/SocEngineerInc The Social Engineer Podcast episode 64 - http://www.social-engineer.org/podcast/ep-064-official-john-mcafee-social-engineer/ The Social Engineering Framework - http://www.social-engineer.org/framework/general-discussion/ Archive.org - https://archive.org/ Panelists Danny Blue - Front End Engineer at Deloitte Digital Erik Isaksen - HTML5 Google Developer Expert & Front End Engineer at Deloitte Digital

In this episode We revisit the 'human' side of hacking Chris tells us all about the Defcon CTF his team has hosted We discuss the role human nature plays in social engineering, or "Why the bad guys always win" Chris gives us his tips for making it harder for social engineers Michael and Chris talk metrics and measuring "getting better"   Guest Chris Hadnagy ( @HumanHacker ) - Chris Hadnagy (author of Social-Engineering: The Art of Human Hacking and Unmasking the Social Engineer: The Human Element of Security) is a speaker, teacher, pentester, and recognized expert in the field of social engineering and security.Chris Hadnagy is the President and CEO of Social-Engineer, Inc. He has spent the last 16 years in security and technology, specializing in understanding the ways in which malicious attackers are able to exploit human weaknesses to obtain access to information and resources through manipulation and deceit.Chris is a graduate of Dr. Paul Ekman’s courses in Microexpressions, having passed the certification requirements with an “Expert Level” grade. He also has significant experience in training and educating students in non-verbal communications. He hold certifications as an Offensive Security Certified Professional (OSCP) and an Offensive Security Wireless Professional (OSWP).Finally, Chris has launched a line of professional social engineering training and penetration testing services at Social-Engineer.Com. His goal is to assist companies in remaining secure by educating them on the methods used by malicious attackers. He accomplishes this by analyzing, studying, dissecting, then performing the very same attacks used during some of the most recent incidents (i.e. Sony, HB Gary, LockHeed Martin, Target, etc), Chris is able to help companies understand their vulnerabilities, mitigate issues, and maintain appropriate levels of education and security.Chris has developed one of the web’s most successful security podcasts, The Social-Engineer.Org Podcast, and the equally-popular SEORG Newsletter. Over the years, both have become a staple in most serious security practices and are used by Fortune 500 companies around the world to educate their staff.You can find Chris's articles for local, national, and international publications and journals, including Pentest Mag, EthicalHacker.net, and local and national Business Journals.   Links: Social Engineer Org - Your one-stop place for podcast, newsletter, and all things social engineering from Chris's team - http://www.social-engineer.org/ SECTF Report - http://www.social-engineer.org/ctf/social-engineer-inc-releases-annual-report-def-con-22-social-engineering-capture-flag-sectf-contest/ Social Engineer, Chris's company - http://www.social-engineer.com/

Each year the SECTF at DEF CON grows in popularity and this past year was no different.  Join us with the dynamic duo that won DEF CON 22's SECTF competition - The Schmooze Operators Nov 10, 2014

The Social-Engineer Capture the Flag has been a staple of DEF CON for 5 years. For 5 years we have looked for a woman to challenge the men.  We have found her - enter Lilly.  She came down upon the SECTF with a vengance and not only won, but won by over 200+ points. We have a lively and real life talk with the winner to see how she did it.

3 years - wow. A truly humbling journey its been. 3 years we have spent researching, dissecting and analyzing all manner of human influence. With the most successful SECTF to date, we celebrate our 36th in style - AT DEFCON 20. The panel has changed (we miss you Jim), the topics have gotten deeper and the quality has gotten better. What did this year include? How did the SECTF go? Well, find out as you join us for our 3 year anniversary LIVE!