2018--033-Chris_Hadnagy-SE-OSINT-vishing-phishing-book_interview-pt2
Published September 15, 2018
|
60 min
    Download
    Add to queue
    Copy URL
    Show notes

    Part 2 of our interview with Chris Hadnagy
    Discuss more about his book,
    best ways to setup your pre-text in an engagement
    how you might read someone on a poker table
    a great story about Chris's favorite person “Neil Fallon” from the rock band “Clutch”
    and we talk about “innocent lives foundation”, something near and dear to Chris' heart.

    We start the second part of our interview with Chris with the question “are the majority of your SE engagements phishing and calls, or is it physical engagements?”

     

    Sponsored Link (paperback on Amazon): https://amzn.to/2NKxLD9

    SEORG book list: https://www.social-engineer.org/resources/seorg-book-list/

    Chris’ Podcast: https://www.social-engineer.org/podcast/

     

    SECTF at Derby (contestants are chosen)

       

     

    Remembering - attention to detail

        Remembering details

        Can be the difference between success and failure

     

    Social Engineering - the different aspects:

    1. Info Gathering
      1. Time constraints
      2. Accommodating non-verbals
      3. Body language must match mood
      4. Using a slower rate of speech
      5. Suspending ego
      6. RSVP
    2. Rapport
    3. Psychology
      1. “Getting information without asking for it”
    4. Elicitation
      1. ‘The Dark Art’ -negative outcome for the target
    5. Manipulation
      1. “Getting someone to do what you want them to do”
      2. Understanding the science of compliance
    6. Influence
    7. Profiling
    8. Communications Modeling
    9. Facial Expressions
    10. Body Language
      1. Don’t overextend your reach
      2. Knowledge that comes from a point of truth, or is easily faked
    11. Pretexting
    12. Emotional Hijacking
    13. Misdirection
    14. Art
    15. Science

     

       

    Questions:

        What precipitated the need to write another book?

        You bring up several successful operations, and several failures…

            How do you regroup from a failure, especially if the point of entry is someone that ‘got you’...

    “The level of the assistance you request must be equal to the level of rapport you have built” -

        Seems like understanding this is an acquired skill, not set in stone…

     

    Many of us in the infosec world are introverts… how do you suggest we hone our skills in building rapport without coming off as creepy?

    Work place? On the commute?

    Does being an introvert mean that it might take longer to get to the goal? Can we use our introverted natures to our advantage?

            Get Ryan on the show…        

                       

    Lots of items

    (8 principles of influence)   

     

    Typical daily SE activities

        Holding a door open, then the person reciprocates

     

    Framing

        We don’t ‘kill our dogs’, we ‘put them to sleep’.

     

    Questions from our Slack:

     

    Ben:

    Do you feel there's an importance for non-InfoSec adjacent folks to learn about Social Engineering, and maybe go through some sort of training in order to navigate day-to-day life in the modern world?

     

    What does an interview at Chris’ company look like?

     

    https://www.innocentlivesfoundation.org/

     

     

    Check out our Store on Teepub! https://brakesec.com/store

    Join us on our #Slack Channel! Send a request to @brakesec on Twitter or email bds.podcast@gmail.com

    #Brakesec Store!:https://www.teepublic.com/user/bdspodcast

    #Spotifyhttps://brakesec.com/spotifyBDS

    #RSShttps://brakesec.com/BrakesecRSS

    #Youtube Channel:  http://www.youtube.com/c/BDSPodcast

    #iTunes Store Link: https://brakesec.com/BDSiTunes

    #Google Play Store: https://brakesec.com/BDS-GooglePlay

    Our main site:  https://brakesec.com/bdswebsite

    #iHeartRadio App:  https://brakesec.com/iHeartBrakesec

    #SoundCloudhttps://brakesec.com/SoundcloudBrakesec

    Comments, Questions, Feedback: bds.podcast@gmail.com

    Support Brakeing Down Security Podcast by using our #Paypalhttps://brakesec.com/PaypalBDS OR our #Patreon

    https://brakesec.com/BDSPatreon

    #Twitter@brakesec @boettcherpwned @bryanbrake @infosystir

    #Player.FM : https://brakesec.com/BDS-PlayerFM

    #Stitcher Network: https://brakesec.com/BrakeSecStitcher

    #TuneIn Radio App: https://brakesec.com/TuneInBrakesec

     

      15
      15
        0:00:00 / 0:00:00