Christina Lekati
Social Engineering Security
Trainer & Consultant
Cyber Risk GmbH
Beyond Influence Techniques: Broadening your Social Engineering Skillset Through Psychology
Christina Lekati
About Me
• Psychologist & Social Engineer
• Trainer & Consultant for Cyber Risk GmbH on the Human Element of Security
• Social Engineering & Security Awareness Trainings for All Levels of Employees / Security Teams
• Corporate & High-Value Target Vulnerability Assessments
• Board Member of the OSINT Curious project
Who This Talk Is For
• Social engineers in an offensive security capability
• Cybersecurity professionals working with the human factor
• …Anyone who wants to better understand themselves and others
Christina Lekati | Cyber Risk GmbH
Social Engineering & Human Behavior
3 important pillars of human behavior in social engineering: Understanding, Predicting, Influencing
Social Psychology – Influence Techniques
Dr. R. B. Cialdini’s 6 Influence Principles:
Reciprocation
Consistency
Social Proof
Liking
Authority
Scarcity
Influence Principles rely on fundamental psychological principles that dictate strong behavioral tendencies, or “fixed action-patterns”.
Social Engineering Attacks Have Evolved
“Hit-and-Run” VS more elaborate campaigns:
• Longer reconnaissance
• Tailored/personalized approach
• More elaborate mind-games
• Deep-fakes
• Ongoing, state-sponsored social engineering campaigns
Understanding People
“Universal” Elements:
Basic Needs
Survival Instincts
Social Dynamics
Laws of Trust
Perception
Cognitive Processes
Biopsychology
Individual Elements:
Past Experiences
Individual Needs
Individual Weaknesses
Individual Goals/ Desires
Personality
Self Identity
Beliefs
“Universal” SE Attacks
Basic Needs
Survival Instincts
Social Dynamics
Laws of Trust
Perception
Cognitive Processes
Biopsychology
Let’s Start From The Basis of Human Nature: Our Hard-Wiring
Universal Hard-Wiring
4 domains that study our basic human make-up, the way we are built to operate and interact with others:
Social Psychology: The scientific study of how people think, feel, and behave in a social context.
Perception: The way sensory information is organized, interpreted, and consciously experienced.
Cognition: How people think. All forms of knowing and awareness, such as complex perception processes, conceiving, remembering, reasoning, judging, imagining, and problem solving.
Biopsychology: The scientific study of the biology of behavior.
Social Engineering Attacks: What Do They Count On?
1. Good cover (pretext)
2. Influence target’s decision-making
BUT a target’s decision making depends on their perception of the situation and their cognitive abilities.
Perception
Perception refers to all the information we collect through our senses and the way we interpret it.
We do not process all sensory information. The brain will spend energy (cognitive power) mostly on what it prioritizes or considers important.
Perception
It is an ironic mental function. Perception enables us to scan and evaluate our environments and the circumstances we encounter. It lets us know if there is a threat, or if we are safe. It is a quick, complex process that does not require much energy or analytical capabilities. It is a highly automated process that relies on appearances & snap judgments.
Perception
A social engineer that wants to approach a target will either:
• appear inconspicuous
• look like they belong
• make the target attracted to them
Perception – Forming Impressions
• Who is more successful?
• Who is more reliable?
• Whose opinion can you trust?
HALO EFFECT: Cognitive bias that causes our impression of someone on one domain to influence our impression of them on other domains.
Perception Manipulation
How is “Mia Ash” perceived?
Well-crafted social engineering personas are able to bypass the brain’s cognitive filters and not raise suspicions.
Perception – Trust
We assign trustworthiness to people that:
• Look happy & relaxed in an encounter
• Have a calm, steady voice
• Appear to be like us (tribal effect)
OR
• Have the expected behavior under specific circumstances
Perception & The Situation
Your brain spends energy, aka cognitive power, when analyzing a situation.
Each of us has specific preset notions about the “behavioral scripts” people are meant to play within specific environments/situations.
If you follow them, you slide by the perceptual filters.
If you draw attention but still follow the appropriate behavioral script, you may still not raise suspicions.
– It is important to be aware of the social settings and local scripts of behavior!
Tailgating
Impersonating
Perception in Phishing Scams
• The scammers used an email address that looked like it belonged to Corcoran’s assistant but was misspelled by one letter.
• The email contained a fake invoice from a legitimate German company, for $388,700.11 for real estate renovations, which didn’t raise any alarms because Corcoran invests in real estate.
• Thinking nothing was suspicious, the bookkeeper wired the money to the account listed in the email.
Source: https://www.forbes.com/sites/rachelsandler/2020/02/27/shark-tank-host-barbara-corcoran-loses-380000-in-email-scam
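The one-letter misspelling in the Corcoran case is exactly the kind of difference human perception slides past and a machine check does not. The following is an added example, not code from the talk or from Cyber Risk GmbH: it compares an inbound From: address against a directory of contacts the recipient already knows and flags addresses that are one edit away from a known address or domain, or that reuse a known display name on an unfamiliar address. The contact directory, domain names, header samples and the threshold of one edit are all constructed assumptions.

```python
"""Lookalike-sender check for inbound mail.

Added example; not code from the talk or from Cyber Risk GmbH. It flags
From: addresses that sit one edit away from a known contact (the pattern in
the invoice scam above) or that reuse a known contact's display name on a
different address. Contact list and sample headers are constructed."""
import re

# Constructed directory: address -> display name the recipient knows.
KNOWN_CONTACTS = {
    "assistant@corcoran-example.com": "Jane Doe",
    "billing@renovation-example.de": "Renovation Example GmbH",
}


def parse_from(header):
    """Split a From: header value into (display_name, lower-cased address)."""
    m = re.match(r'\s*(?:"?([^"<]*)"?\s*)?<([^>]+)>\s*$', header)
    if m:
        return (m.group(1) or "").strip(), m.group(2).strip().lower()
    return "", header.strip().lower()


def osa_distance(a, b):
    """Optimal string alignment distance: insertions, deletions, substitutions
    and adjacent transpositions (assitant, assistnat) each count as one edit."""
    d = [[0] * (len(b) + 1) for _ in range(len(a) + 1)]
    for i in range(len(a) + 1):
        d[i][0] = i
    for j in range(len(b) + 1):
        d[0][j] = j
    for i in range(1, len(a) + 1):
        for j in range(1, len(b) + 1):
            cost = 0 if a[i - 1] == b[j - 1] else 1
            d[i][j] = min(d[i - 1][j] + 1,         # deletion
                          d[i][j - 1] + 1,         # insertion
                          d[i - 1][j - 1] + cost)  # substitution
            if i > 1 and j > 1 and a[i - 1] == b[j - 2] and a[i - 2] == b[j - 1]:
                d[i][j] = min(d[i][j], d[i - 2][j - 2] + 1)  # transposition
    return d[len(a)][len(b)]


def classify_sender(from_header, known=KNOWN_CONTACTS, max_distance=1):
    """Return 'known', 'lookalike' or 'unknown' for a From: header value.

    'lookalike' means: within max_distance edits of a known address or of a
    known domain, or a known display name on an address never seen before.
    Such mail belongs in a verification step (call-back on a number already
    on file), not in the trusted path."""
    name, addr = parse_from(from_header)
    if addr in known:
        return "known"
    domain = addr.rsplit("@", 1)[-1]
    for k_addr, k_name in known.items():
        k_domain = k_addr.rsplit("@", 1)[-1]
        if osa_distance(addr, k_addr) <= max_distance:
            return "lookalike"
        # A new mailbox on a known domain is merely unknown; a domain that is
        # one edit away from a known one is a lookalike.
        if 0 < osa_distance(domain, k_domain) <= max_distance:
            return "lookalike"
        if name and name.casefold() == k_name.casefold():
            return "lookalike"
    return "unknown"


if __name__ == "__main__":
    # Constructed sample headers, including the one-letter misspelling pattern.
    for h in ["Jane Doe <assistant@corcoran-example.com>",
              "Jane Doe <assistant@corcoren-example.com>",
              "assitant@corcoran-example.com",
              "Jane Doe <jane.doe@freemail-example.org>",
              "someone@other-example.net"]:
        print(f"{classify_sender(h):9s} {h}")
```

This check complements rather than replaces SPF, DKIM and DMARC: a lookalike domain the attacker registered will authenticate perfectly for its own domain, which is why the address has to be compared against what the recipient already knows. The practical use is as a routing rule: a lookalike verdict on any message that changes payment details sends it to out-of-band verification, so the decision is taken away from perception and snap judgment.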
Other Practical Applications
Everything can be subject to snap-judgments:
• On-site attack simulations
• Sock puppets conducting online monitoring
• (Virtual) HUMINT operations
• Phishing attack simulations
Cognition
From Perception to Cognition
What is affecting whether you will move from perception to analytical thinking? Priorities and Attention.
Priorities
We pay more attention to what we prioritize. Other information may fade into the background.
Attention
Attentional processes are the brain’s way of shining a light on what is relevant to the person and filtering out the rest.
Attention limitations or failure occur when:
- having to process too much information
- multi-tasking
Exception! Some individuals are trained to an exceptional situational awareness level. The development of their covert attention includes a much broader spectrum of information receptiveness and processing.
Cognitive Analysis
Cognition: How people think. All forms of knowing and awareness, such as complex perception processes, conceiving, remembering, reasoning, judging, imagining, and problem solving.
Information / Sensations -> Thinking -> Outcomes (Thinking is shaped by Experience, Knowledge, Emotions)
Cognitive Filtering
A social engineering engagement becomes more complicated when the target engages in cognitive processes. If:
• They pause and think before they speak
• Ask questions
• Do not grant you your wishes
Cognitive Filtering
Internal questions asked during a first encounter:
• “Who is this person?”
• “What do they want?”
• “Are they a threat?”
• “How long will this take?”
• “What’s in it for me?”
Source: C. Hadnagy, Social Engineering: The Science of Human Hacking (2018)
Cognitive Filtering
Communication capabilities have the power to influence cognitive processes.
• Have a good pretext
• Anticipate the target’s internal questions and address them in your communication
• Use emotional and situational factors to your advantage
Biopsychology
Hacking The Cognitive Filters: Biopsychology
Primarily based on hormones and chemicals created through:
• Emotions
• Stress
• Lack of sleep/fatigue
Biopsychology: The scientific study of the biology of behavior
Emotions
“I couldn’t think straight”
• They trigger different priorities and introduce new motivations.
• Emotions will make someone want to approach a person/situation and engage with them, or the opposite.
• Positive emotions like liking & rapport can give people “rose-colored glasses”. Hormones: dopamine, serotonin, oxytocin (highly rewarding & addictive)
• Negative emotions like fear and tension trigger automatic avoidance responses. Hormones: cortisol, adrenaline
Stress
Stress hormones (cortisol, adrenaline) make the body believe and act as if there is an emergency. The brain gets occupied with that emergency. Mind and body get in tune to deal with the stressor.
Priorities shift – attention shifts to dealing with the stressor – cognitive processes under-function.
Situational Factors
Situational variables can make quite a bit of difference in the outcome of a behavior.
After everything you learned, imagine...
• Introducing a stressor or diversion before/during an encounter (e.g. a baby crying in the background)
• Selecting the right timing (e.g. Fridays, the busiest time of the year, etc.)
• Introducing emotional variables
The Good News: Neuroplasticity
All the above can be utilized in an offensive and defensive capacity.
Our brains ARE capable of creating new behavioral pathways that can become automatic.
Red flags act like cognitive triggers when employees have been trained well.
Defense
• Minimize employee decision-making where possible
• Good quality training that actively engages employees: training that is personal, intrigues and interests them
• Reinforce a “security mindset” within your organization – utilize group influence tactics
• Run exercises / attack simulations to reinforce good practices, learning & memory
What About Targeted, Tailored Attacks?
Individual Elements:
Past Experiences
Individual Needs
Individual Weaknesses
Individual Goals/ Desires
Personality
Self Identity
Beliefs
Targeted, Tailored Attacks
• Long-term, targeted social engineering attacks
• Insider threat recruitment campaigns
• HUMINT, Espionage operations
Universal Needs
Maslow’s Hierarchy of Needs
PHYSIOLOGICAL NEEDS: Water, food, air, warmth, sleep, shelter
SAFETY NEEDS: Security of: physical self, family, health, financial, property
BELONGING / LOVE: Social Circle, Friends, Family, Intimacy
ESTEEM: Self-esteem, respect & appreciation from others, confidence, importance
SELF-ACTUALIZATION: Goal achievement, self discovery, realization of one’s full potential
Used to entice
Universal Motivating Factors
• Satisfy an (unmet) need
• Utilize the tribal instinct
• “Serve” their personal interests
• Make them feel good about themselves
Targeted Social Engineering Attacks
Targeted campaigns start from a basis of what is known about human hard-wiring. They develop based on the target’s:
• Self interests, goals, desires
• Unmet needs & weaknesses
• Addictions
• Personality traits
• Strong beliefs
• Self-identity
Long-term attacks are not based on short-lived influence tactics. They are based on personal relationships. As they progress, more information about the individual becomes known and additional bonding tactics are used.
Social engineers working in defensive security will need to learn to read their targets in a more specialized way, find potentially exploitable vulnerabilities, and help their clients become aware of those and protect themselves (and their organizations).
Long-Term Social Engineering Attacks
Defense
• Clear, non-negotiable boundaries
• A healthy dose of suspicion
• Threat awareness & self-awareness
• Target vulnerability assessments
We can still guard the gates. It is very difficult for an impersonator to be perfect at all levels and not raise red flags. They too make mistakes and have to battle with their human limits.
Contact Details:
“Knowledge is a weapon. I intend to be formidably armed.” - Terry Goodkind
Christina Lekati
@ChristinaLekati
Social Engineering Security Trainer & Consultant, Cyber Risk GmbH

Layer8 Con - Beyond Influence Techniques: Broadening your Social Engineering Skillset Through Psychology

Earth Day Presentation wow hello nice great
 
ISYU TUNGKOL SA SEKSWLADIDA (ISSUE ABOUT SEXUALITY
ISYU TUNGKOL SA SEKSWLADIDA (ISSUE ABOUT SEXUALITYISYU TUNGKOL SA SEKSWLADIDA (ISSUE ABOUT SEXUALITY
ISYU TUNGKOL SA SEKSWLADIDA (ISSUE ABOUT SEXUALITY
 
Food processing presentation for bsc agriculture hons
Food processing presentation for bsc agriculture honsFood processing presentation for bsc agriculture hons
Food processing presentation for bsc agriculture hons
 
Influencing policy (training slides from Fast Track Impact)
Influencing policy (training slides from Fast Track Impact)Influencing policy (training slides from Fast Track Impact)
Influencing policy (training slides from Fast Track Impact)
 
ENG 5 Q4 WEEk 1 DAY 1 Restate sentences heard in one’s own words. Use appropr...
ENG 5 Q4 WEEk 1 DAY 1 Restate sentences heard in one’s own words. Use appropr...ENG 5 Q4 WEEk 1 DAY 1 Restate sentences heard in one’s own words. Use appropr...
ENG 5 Q4 WEEk 1 DAY 1 Restate sentences heard in one’s own words. Use appropr...
 
ENGLISH 7_Q4_LESSON 2_ Employing a Variety of Strategies for Effective Interp...
ENGLISH 7_Q4_LESSON 2_ Employing a Variety of Strategies for Effective Interp...ENGLISH 7_Q4_LESSON 2_ Employing a Variety of Strategies for Effective Interp...
ENGLISH 7_Q4_LESSON 2_ Employing a Variety of Strategies for Effective Interp...
 
FINALS_OF_LEFT_ON_C'N_EL_DORADO_2024.pptx
FINALS_OF_LEFT_ON_C'N_EL_DORADO_2024.pptxFINALS_OF_LEFT_ON_C'N_EL_DORADO_2024.pptx
FINALS_OF_LEFT_ON_C'N_EL_DORADO_2024.pptx
 
YOUVE_GOT_EMAIL_PRELIMS_EL_DORADO_2024.pptx
YOUVE_GOT_EMAIL_PRELIMS_EL_DORADO_2024.pptxYOUVE_GOT_EMAIL_PRELIMS_EL_DORADO_2024.pptx
YOUVE_GOT_EMAIL_PRELIMS_EL_DORADO_2024.pptx
 
Virtual-Orientation-on-the-Administration-of-NATG12-NATG6-and-ELLNA.pdf
Virtual-Orientation-on-the-Administration-of-NATG12-NATG6-and-ELLNA.pdfVirtual-Orientation-on-the-Administration-of-NATG12-NATG6-and-ELLNA.pdf
Virtual-Orientation-on-the-Administration-of-NATG12-NATG6-and-ELLNA.pdf
 
4.18.24 Movement Legacies, Reflection, and Review.pptx
4.18.24 Movement Legacies, Reflection, and Review.pptx4.18.24 Movement Legacies, Reflection, and Review.pptx
4.18.24 Movement Legacies, Reflection, and Review.pptx
 
How to do quick user assign in kanban in Odoo 17 ERP
How to do quick user assign in kanban in Odoo 17 ERPHow to do quick user assign in kanban in Odoo 17 ERP
How to do quick user assign in kanban in Odoo 17 ERP
 
Daily Lesson Plan in Mathematics Quarter 4
Daily Lesson Plan in Mathematics Quarter 4Daily Lesson Plan in Mathematics Quarter 4
Daily Lesson Plan in Mathematics Quarter 4
 
4.16.24 21st Century Movements for Black Lives.pptx
4.16.24 21st Century Movements for Black Lives.pptx4.16.24 21st Century Movements for Black Lives.pptx
4.16.24 21st Century Movements for Black Lives.pptx
 
4.16.24 Poverty and Precarity--Desmond.pptx
4.16.24 Poverty and Precarity--Desmond.pptx4.16.24 Poverty and Precarity--Desmond.pptx
4.16.24 Poverty and Precarity--Desmond.pptx
 
Transaction Management in Database Management System
Transaction Management in Database Management SystemTransaction Management in Database Management System
Transaction Management in Database Management System
 
Incoming and Outgoing Shipments in 3 STEPS Using Odoo 17
Incoming and Outgoing Shipments in 3 STEPS Using Odoo 17Incoming and Outgoing Shipments in 3 STEPS Using Odoo 17
Incoming and Outgoing Shipments in 3 STEPS Using Odoo 17
 
Keynote by Prof. Wurzer at Nordex about IP-design
Keynote by Prof. Wurzer at Nordex about IP-designKeynote by Prof. Wurzer at Nordex about IP-design
Keynote by Prof. Wurzer at Nordex about IP-design
 
ANG SEKTOR NG agrikultura.pptx QUARTER 4
ANG SEKTOR NG agrikultura.pptx QUARTER 4ANG SEKTOR NG agrikultura.pptx QUARTER 4
ANG SEKTOR NG agrikultura.pptx QUARTER 4
 
Activity 2-unit 2-update 2024. English translation
Activity 2-unit 2-update 2024. English translationActivity 2-unit 2-update 2024. English translation
Activity 2-unit 2-update 2024. English translation
 

Layer8 Con - Beyond Influence Techniques: Broadening your Social Engineering Skillset Through Psychology

1. Beyond Influence Techniques: Broadening your Social Engineering Skillset Through Psychology
Christina Lekati, Social Engineering Security Trainer & Consultant, Cyber Risk GmbH

2. About Me
• Psychologist & Social Engineer
• Trainer & Consultant for Cyber Risk GmbH on the Human Element of Security
• Social Engineering & Security Awareness Trainings to All Levels of Employees / Security Teams
• Corporate & High-Value Target Vulnerability Assessments
• Board Member of the OSINT Curious project

3. Who This Talk Is For
• Social engineers in an offensive security capability
• Cybersecurity professionals working with the human factor
• …Anyone who wants to better understand themselves and others
Christina Lekati | Cyber Risk GmbH

4. Social Engineering & Human Behavior
3 important pillars of human behavior in social engineering: Understanding, Predicting, Influencing

5. Social Psychology – Influence Techniques
Dr. R. B. Cialdini’s 6 Influence Principles: Reciprocation, Consistency, Social Proof, Liking, Authority, Scarcity
Influence principles rely on fundamental psychological principles that dictate strong behavioral tendencies, or “fixed action-patterns”.

6. Social Engineering Attacks Have Evolved
“Hit-and-Run” VS more elaborate campaigns:
• Longer reconnaissance
• Tailored/personalized approach
• More elaborate mind-games
• Deep-fakes
• Ongoing, state-sponsored social engineering campaigns

7. Understanding People
“Universal” Elements: Basic Needs, Survival Instincts, Social Dynamics, Laws of Trust, Perception, Cognitive Processes, Biopsychology
Individual Elements: Past Experiences, Individual Needs, Individual Weaknesses, Individual Goals/Desires, Personality, Self Identity, Beliefs

8. Let’s Start From The Basis of Human Nature: Our Hard-Wiring
“Universal” SE Attacks: Basic Needs, Survival Instincts, Social Dynamics, Laws of Trust, Perception, Cognitive Processes, Biopsychology

9. Universal Hard-Wiring
4 domains that study our basic human make-up, the way we are built to operate and interact with others:
• Social Psychology: The scientific study of how people think, feel, and behave in a social context.
• Perception: The way sensory information is organized, interpreted, and consciously experienced.
• Cognition: How people think. All forms of knowing and awareness, such as complex perception processes, conceiving, remembering, reasoning, judging, imagining, and problem solving.
• Biopsychology: The scientific study of the biology of behavior.

10. Social Engineering Attacks: What Do They Count On
1. Good cover (pretext)
2. Influence target’s decision-making
BUT a target’s decision-making depends on their perception of the situation and their cognitive abilities.

11. Perception

12. Perception
Perception refers to all the information we collect through our senses and the way we interpret it. We do not process all sensory information. The brain will spend energy (cognitive power) mostly on what it prioritizes or considers important.

13. Perception
It is an ironic mental function. Perception enables us to scan and evaluate our environments and the circumstances we encounter. It lets us know if there is a threat, or if we are safe. It is a quick, complex process that does not require much energy or analytical capabilities. It is a highly automated process that relies on appearances & snap judgments.

14. Perception
A social engineer that wants to approach a target will either:
• appear inconspicuous
• look like they belong
• make the target attracted to them

15. Perception – Forming Impressions
• Who is more successful?
• Who is more reliable?
• Whose opinion can you trust?
HALO EFFECT: Cognitive bias that causes our impression of someone in one domain to influence our impression of them in other domains.

16. Perception – Forming Impressions

17. Perception – Forming Impressions

18. Perception Manipulation
How is “Mia Ash” perceived?
Well-crafted social engineering personas are able to bypass the brain’s cognitive filters and not raise suspicions.

19. Perception – Trust
We assign trustworthiness to people that:
• Look happy & relaxed in an encounter
• Have a calm, steady voice
• Appear to be like us (tribal effect)
OR
• Have the expected behavior under specific circumstances

20. Perception & The Situation
Your brain spends energy, aka cognitive power, when analyzing a situation. Each of us has a specific preset notion of the “behavioral scripts” people are meant to play within specific environments/situations. If you follow them, you slide by the perceptual filters. If you draw attention but still follow the appropriate behavioral script, you may still not raise suspicions. It is important to be aware of the social settings and local scripts of behavior! (Examples: tailgating, impersonating)

21. Perception in Phishing Scams
• The scammers used an email address that looked like it belonged to Corcoran’s assistant but was misspelled by one letter.
• The email contained a fake invoice from a legitimate German company—for $388,700.11 for real estate renovations, which didn’t raise any alarms because Corcoran invests in real estate.
• Thinking nothing was suspicious, the bookkeeper wired the money to the account listed in the email.
Source: https://www.forbes.com/sites/rachelsandler/2020/02/27/shark-tank-host-barbara-corcoran-loses-380000-in-email-scam

22. Other Practical Applications
Everything can be a subject of snap judgments:
• On-site attack simulations
• Sock puppets conducting online monitoring
• (Virtual) HUMINT operations
• Phishing attack simulations

23. Cognition

24. From Perception to Cognition
What affects whether you will move from perception to analytical thinking? Priorities and attention.

25. Priorities
We pay more attention to what we prioritize. Other information may fade into the background.

26. Attention
Attentional processes are the brain’s way of shining a light on what is relevant to the person and filtering out the rest. Attention limitations or failures occur when:
- having to process too much information
- multi-tasking
Exception! Some individuals are trained to an exceptional situational awareness level. The development of their covert attention includes a much broader spectrum of information receptiveness and processing.

27. Cognitive Analysis
Cognition: How people think. All forms of knowing and awareness, such as complex perception processes, conceiving, remembering, reasoning, judging, imagining, and problem solving.
Diagram: Information / Sensations → Thinking → Outcomes, with Experience, Knowledge, Emotions feeding into Thinking.

28. Cognitive Filtering
A social engineering engagement becomes more complicated when the target engages in cognitive processes, i.e. if they:
• Pause and think before they speak
• Ask questions
• Do not grant you your wishes

29. Cognitive Filtering
Internal questions asked during a first encounter:
• “Who is this person?”
• “What do they want?”
• “Are they a threat?”
• “How long will this take?”
• “What’s in it for me?”
Source: C. Hadnagy, Social Engineering: The Science of Human Hacking (2018)

30. Cognitive Filtering
Communication capabilities have the power to influence cognitive processes.
• Have a good pretext
• Anticipate the target’s internal questions and address them in your communication
• Use emotional and situational factors to your advantage

32. Hacking The Cognitive Filters: Biopsychology
Biopsychology: The scientific study of the biology of behavior.
Primarily based on hormones and chemicals created through:
• Emotions
• Stress
• Lack of sleep/fatigue

33. Emotions
“I couldn’t think straight”
• They trigger different priorities and introduce new motivations.
• Emotions will make someone want to approach a person/situation and engage with them. Or the opposite.
• Positive emotions like liking & rapport can give people “rose-colored glasses”. Hormones: dopamine, serotonin, oxytocin (highly rewarding & addictive)
• Negative emotions like fear and tension trigger automatic avoidance responses. Hormones: cortisol, adrenaline

34. Stress
Stress hormones (cortisol, adrenaline) make the body believe and act as if there is an emergency. The brain gets occupied with that emergency. Mind and body get in tune to deal with the stressor. Priorities shift – attention shifts to dealing with the stressor – cognitive processes under-function.

35. Situational Factors
Situational variables can make quite a bit of a difference in the outcome of a behavior. After everything you learned, imagine...
• Introducing a stressor or diversion before/during an encounter (e.g. a baby crying in the background)
• Selecting the right timing (e.g. Fridays, the busiest time of the year, etc.)
• Introducing emotional variables

36. The Good News: Neuroplasticity
All the above can be utilized in an offensive and defensive capacity. Our brains ARE capable of creating new behavioral pathways that can become automatic. Red flags act like cognitive triggers when employees have been trained well.

37. Defense
• Minimize employee decision-making where possible
• Good quality training that actively engages employees. Training that is personal, intrigues and interests them
• Reinforce a “security mindset” within your organization – utilize group influence tactics
• Run exercises / attack simulations to reinforce good practices, learning & memory
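The one-letter sender misspelling from the Corcoran case (slide 21) and the "minimize employee decision-making" control (slide 37), as an added Python example that is not part of the talk: a check that measures how close a sender address is to a trusted contact and holds payment-related mail from near-miss senders for out-of-band verification, so the bookkeeper's snap judgment is never the only control. All addresses, message ids and subjects are constructed.

```python
"""Added example (not from the talk): flag lookalike sender addresses.

Models the Corcoran case, where the sender address matched the assistant's
except for one letter. Rather than rely on the bookkeeper spotting the typo,
payment mail from a near-miss sender is held for out-of-band verification.
All addresses, message ids and subjects below are constructed.
"""

# Constructed directory of trusted correspondents (hypothetical).
TRUSTED_CONTACTS = {
    "assistant@corcoran-example.com",
    "accounts@supplier-example.de",
}
# Subject words that make a message money-moving, hence high risk.
PAYMENT_TERMS = ("invoice", "wire", "payment", "bank details")

def levenshtein(a: str, b: str) -> int:
    """Edit distance (insert/delete/substitute) between two strings."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1,                # delete ca
                           cur[j - 1] + 1,             # insert cb
                           prev[j - 1] + (ca != cb)))  # substitute
        prev = cur
    return prev[-1]

def lookalike_of(sender, trusted=TRUSTED_CONTACTS, max_distance=2):
    """Trusted address that `sender` imitates (within max_distance edits), or None."""
    sender = sender.strip().lower()
    if sender in trusted:                # exact match is legitimate
        return None
    best = min(trusted, key=lambda t: levenshtein(sender, t))
    return best if levenshtein(sender, best) <= max_distance else None

def verdict(sender: str, subject: str) -> str:
    """trusted / hold_for_verification / lookalike / unknown for one message."""
    if sender.strip().lower() in TRUSTED_CONTACTS:
        return "trusted"
    if lookalike_of(sender) is None:
        return "unknown"
    # A lookalike asking for money is held: no human snap judgment needed.
    if any(term in subject.lower() for term in PAYMENT_TERMS):
        return "hold_for_verification"
    return "lookalike"

def triage(messages):
    """Map message id -> verdict for (id, sender, subject) tuples."""
    return {mid: verdict(sender, subject) for mid, sender, subject in messages}

# Constructed sample headers; m2 reproduces the one-letter substitution.
SAMPLE_MESSAGES = [
    ("m1", "assistant@corcoran-example.com", "Lunch schedule"),
    ("m2", "assistant@corcoron-example.com", "Invoice 4471: please wire today"),
    ("m3", "asistant@corcoran-example.com", "Quick question"),
    ("m4", "newsletter@unrelated-example.org", "Weekly digest"),
]

if __name__ == "__main__":
    for mid, result in triage(SAMPLE_MESSAGES).items():
        print(mid, result)
```

The distance threshold of 2 is an assumption; tune it against your own contact list, since a very short domain can be within two edits of an unrelated legitimate one.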
38. What About Targeted, Tailored Attacks?
Individual Elements: Past Experiences, Individual Needs, Individual Weaknesses, Individual Goals/Desires, Personality, Self Identity, Beliefs

39. Targeted, Tailored Attacks
• Long-term, targeted social engineering attacks
• Insider threat recruitment campaigns
• HUMINT, espionage operations

40. Universal Needs
Maslow’s Hierarchy of Needs:
• PHYSIOLOGICAL NEEDS: Water, food, air, warmth, sleep, shelter
• SAFETY NEEDS: Security of: physical self, family, health, financial, property
• BELONGING / LOVE: Social circle, friends, family, intimacy
• ESTEEM: Self-esteem, respect & appreciation from others, confidence, importance
• SELF-ACTUALIZATION: Goal achievement, self-discovery, realization of one’s full potential
Used to entice

41. Universal Motivating Factors
• Satisfy an (unmet) need
• Utilize the tribal instinct
• “Serve” their personal interests
• Make them feel good about themselves

42. Targeted Social Engineering Attacks
Targeted campaigns start from a basis of what is known about human hard-wiring. They develop based on the target’s:
• Self-interests, goals, desires
• Unmet needs & weaknesses
• Addictions
• Personality traits
• Strong beliefs
• Self-identity

43. Long-Term Social Engineering Attacks
Long-term attacks are not based on short-lived influence tactics. They are based on personal relationships. As they progress, more information about the individual becomes known and additional bonding tactics are used. Social engineers working on defensive security will need to learn to read their targets in a more specialized way, find potentially exploitable vulnerabilities, and help their clients become aware of those and protect themselves (and their organizations).

44. Defense
• Clear, non-negotiable boundaries
• A healthy dose of suspicion
• Threat awareness & self-awareness
• Target vulnerability assessments
We can still guard the gates. It is very difficult for an impersonator to be perfect at all levels and not raise red flags. They too make mistakes and have to battle with their human limits.

45. Contact Details
“Knowledge is a weapon. I intend to be formidably armed.” - Terry Goodkind
Christina Lekati, @ChristinaLekati
Social Engineering Security Trainer & Consultant, Cyber Risk GmbH