Artwork

コンテンツは Black Hat / CMP and Jeff Moss によって提供されます。エピソード、グラフィック、ポッドキャストの説明を含むすべてのポッドキャスト コンテンツは、Black Hat / CMP and Jeff Moss またはそのポッドキャスト プラットフォーム パートナーによって直接アップロードされ、提供されます。誰かがあなたの著作物をあなたの許可なく使用していると思われる場合は、ここで概説されているプロセスに従うことができますhttps://ja.player.fm/legal
Player FM -ポッドキャストアプリ
Player FMアプリでオフラインにしPlayer FMう!

Joseph Klein: The Social Engineering Engagement Methodology - A Formal Testing process of the People and Process

40:54
 
シェア
 

Manage episode 155121483 series 1146744
コンテンツは Black Hat / CMP and Jeff Moss によって提供されます。エピソード、グラフィック、ポッドキャストの説明を含むすべてのポッドキャスト コンテンツは、Black Hat / CMP and Jeff Moss またはそのポッドキャスト プラットフォーム パートナーによって直接アップロードされ、提供されます。誰かがあなたの著作物をあなたの許可なく使用していると思われる場合は、ここで概説されているプロセスに従うことができますhttps://ja.player.fm/legal
The security of an organization is composed of technology, people and processes. In the last few years, many organizations have done a good job addressing technology but have focused very little on the people and processes. This presentation reviews the formal methodology for performing Social Engineering Engagements. The method is divided into four sections including the Pre-Engagement, Pre-Assessment, Assessment and Post-Assessment. The Pre-Engagement, is the sales process for performing the assessment. In this section, we will review the business justification and headlines of current attacks. Pre-Assessment if focused on identifying the scope of the project, limitation, targets and attack vectors. Also included are examples of what information must be gathers for use in the assessment and post assessment phase. The most interesting and tedious part is the actual assessment. In this section, we will discuss how to engage the target, utilize company information, how to achieve the goal and what to do when you are caught. Included in this section is also how and what to document about every contact. Post assessment is the analysis and reporting phase. In it, we will review documenting findings, and mapping them to recommendations. Joe Klein, CISSP is Senior Security Consultant at Honeywell and a member of the IPv6 Business Council. He performs network, application, web-application, wireless, source-code, host security reviews and security architecture design services for clients in the commercial and government space Prior to joining Honeywell, Joe worked as a consultant performing attack and penetration assessments for many significant companies in the IT arena. While consulting, Joe also taught "Hacking and Incident Handling", "IDS/IPS management" and "Managing Network Security" at a local college in Jacksonville Florida. He regularly speaking at conferences including Defcon, InfoSecWorld, PhreakNic and regional meetings including Infragard, ASIS and ISSA.>
  continue reading

61 つのエピソード

Artwork
iconシェア
 
Manage episode 155121483 series 1146744
コンテンツは Black Hat / CMP and Jeff Moss によって提供されます。エピソード、グラフィック、ポッドキャストの説明を含むすべてのポッドキャスト コンテンツは、Black Hat / CMP and Jeff Moss またはそのポッドキャスト プラットフォーム パートナーによって直接アップロードされ、提供されます。誰かがあなたの著作物をあなたの許可なく使用していると思われる場合は、ここで概説されているプロセスに従うことができますhttps://ja.player.fm/legal
The security of an organization is composed of technology, people and processes. In the last few years, many organizations have done a good job addressing technology but have focused very little on the people and processes. This presentation reviews the formal methodology for performing Social Engineering Engagements. The method is divided into four sections including the Pre-Engagement, Pre-Assessment, Assessment and Post-Assessment. The Pre-Engagement, is the sales process for performing the assessment. In this section, we will review the business justification and headlines of current attacks. Pre-Assessment if focused on identifying the scope of the project, limitation, targets and attack vectors. Also included are examples of what information must be gathers for use in the assessment and post assessment phase. The most interesting and tedious part is the actual assessment. In this section, we will discuss how to engage the target, utilize company information, how to achieve the goal and what to do when you are caught. Included in this section is also how and what to document about every contact. Post assessment is the analysis and reporting phase. In it, we will review documenting findings, and mapping them to recommendations. Joe Klein, CISSP is Senior Security Consultant at Honeywell and a member of the IPv6 Business Council. He performs network, application, web-application, wireless, source-code, host security reviews and security architecture design services for clients in the commercial and government space Prior to joining Honeywell, Joe worked as a consultant performing attack and penetration assessments for many significant companies in the IT arena. While consulting, Joe also taught "Hacking and Incident Handling", "IDS/IPS management" and "Managing Network Security" at a local college in Jacksonville Florida. He regularly speaking at conferences including Defcon, InfoSecWorld, PhreakNic and regional meetings including Infragard, ASIS and ISSA.>
  continue reading

61 つのエピソード

Усі епізоди

×
 
Loading …

プレーヤーFMへようこそ!

Player FMは今からすぐに楽しめるために高品質のポッドキャストをウェブでスキャンしています。 これは最高のポッドキャストアプリで、Android、iPhone、そしてWebで動作します。 全ての端末で購読を同期するためにサインアップしてください。

 

クイックリファレンスガイド