Truth About Lies (Правда Про Ложь)

Truth About Lies: social engineering for security practitioners. Vladimir Styran, [email protected], PHDays 2012

Transcript of Truth About Lies (slide outline)

Only the Latin-script fragments of the slides survived extraction; the Russian slide text is not preserved. What remains, slide by slide:

Slides 2-5: (no text preserved)
Slide 6: Definition of social engineering: "The act of manipulating a person to accomplish goals that may or may not be in their best interest." (www.social-engineer.org)
Slide 7: (no text preserved)
Slide 8: Nigerian / 419 scam
Slide 9: Frank Abagnale Jr., Kevin Mitnick, Mark Zuckerberg, Benjamin Franklin
Slide 10: Section overview: Framing, Pretexting, Elicitation, Manipulation
Slide 11: "Understanding scam victims: seven principles for systems security", Frank Stajano and Paul Wilson, University of Cambridge, 2009
Slides 12-18: (no text preserved)
Slide 19: Section overview: Framing, Pretexting, Elicitation, Manipulation
Slide 20: (no text preserved)
Slide 21: Tooling for the reconnaissance and delivery phases:
  - Google hacking: Johnny Long, "Google Hacking for Penetration Testers"
  - Phishing: Social-Engineer Toolkit (SET) by @dave_rel1k
  - Maltego: Paterva's "uber WWW mining weapon"
  - FOCA: "Fear the FOCA, for your metadata can speak"
  - Creepymap: "Seek and pinpoint"
Slide 22: (no text preserved)
Slide 23: Physical techniques: tailgating, piggybacking, shoulder surfing; "All your passwords are belong to us"; "No school other the old school"; "Veni, vidi, vici"
Slide 24: (no text preserved)
Slide 25: What can be found out about a target: list not preserved, except that it includes the target's IP address (!)
Slide 26: What can be found out about a target (continued): list not preserved, except that it ends with MMORPG
Slide 27: Section overview: Framing, Pretexting, Elicitation, Manipulation
Slide 28: Framing: "Framing is information and experiences in life that alter the way we react to decisions we must make." (www.social-engineer.org)
Slide 29: Frame of reference
Slide 30: Section overview: Framing, Pretexting, Elicitation, Manipulation
Slide 31: Pretexting: "Pretexting is defined as the act of creating an invented scenario to persuade a targeted victim to release information or perform some action." (www.social-engineer.org)
Slide 32: Pretext examples: Help Desk / Tech Support, Pizza Guy
Slide 33: Section overview: Framing, Pretexting, Elicitation, Manipulation
Slide 34: Elicitation: "Elicitation is the process of extracting information from something or someone during an apparently normal and innocent conversation."
Slide 35: Manipulation: https://irrelevantaxiom.wordpress.com/2011/10/14/the-age-of-manipulation/
Slide 36: (no text preserved)
Slide 37: The attack chain: reframing, elicitation, manipulation
Slides 38-39: Case 1 (details not preserved)
Slide 40: Case 2: RSA SecurID attack, http://blogs.rsa.com/rivner/anatomy-of-an-attack/
Slide 41: Case 2: RSA SecurID attack, 2011; the lure was a Microsoft Excel attachment named recruitmentplan.xls
Slides 42-43: Reconnaissance with FOCA
Slide 44: Reconnaissance with Maltego
Slide 45: S.E.T. (Social-Engineer Toolkit)
Slides 46-47: (no text preserved)
Slide 48: Success rate of social engineering engagements: 40-60 (or 80?) %
Slides 49-53: (no text preserved)
Slide 54: Malicious attachments as the delivery vehicle: DOC, XLS, PDF, etc., carrying 0-days and public exploits
Slides 55-58: (no text preserved)
Slide 59: Reading: Chris Hadnagy, "Social Engineering"; Joe Navarro, "What Every Body Is Saying" and "Louder Than Words"; Kevin Mitnick, "The Art of Deception"
Slide 60: (no text preserved)
Slide 61: WWW: www.social-engineer.org, Social-Engineer.org Podcast, @humanhacker; www.jnforensics.com, @navarrotells; www.paulekman.com
Slide 62: Do no evil!
Slide 63: Contact: [email protected], @xaocuc
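Slides 21 and 42-43 point at FOCA because document metadata leaks user names, machine names and software versions; slides 41 and 54 describe the other side of the same file, an Office attachment used as the carrier for an exploit. The following script, an added example that is not part of the talk's material or of FOCA/SET, does both checks on the zip container that every OOXML file (docx/xlsx/pptx) is: it pulls the docProps metadata an attacker would harvest during reconnaissance, and it flags the container parts (VBA project, embedded OLE objects, ActiveX, executable media) that a lure typically needs. The sample file, its author "j.doe", the host name "HR-Workstation-07" and "Example Corp" are constructed fixtures. Note the caveat: legacy binary .doc/.xls files (the format of the RSA lure) are OLE2 compound files, not zips, and this code does not handle them; use an OLE parser such as oletools for those.

```python
"""Added example: FOCA-style metadata extraction plus lure triage on OOXML files."""
import io
import zipfile
import xml.etree.ElementTree as ET

CORE_NS = {
    "cp": "http://schemas.openxmlformats.org/package/2006/metadata/core-properties",
    "dc": "http://purl.org/dc/elements/1.1/",
    "dcterms": "http://purl.org/dc/terms/",
}
APP_NS = {"ep": "http://schemas.openxmlformats.org/officeDocument/2006/extended-properties"}

# (XML tag, result key) pairs for the two property parts Office writes.
CORE_FIELDS = (("dc:creator", "creator"), ("cp:lastModifiedBy", "last_modified_by"),
               ("dcterms:created", "created"), ("dcterms:modified", "modified"))
APP_FIELDS = (("ep:Application", "application"), ("ep:AppVersion", "app_version"),
              ("ep:Company", "company"), ("ep:Template", "template"))


def _read_props(zf, part, fields, ns):
    """Return {key: text} for the fields present in one docProps/*.xml part."""
    if part not in zf.namelist():
        return {}
    root = ET.fromstring(zf.read(part))
    found = {}
    for tag, key in fields:
        el = root.find(tag, ns)
        if el is not None and el.text:
            found[key] = el.text.strip()
    return found


def extract_metadata(data: bytes) -> dict:
    """Metadata readable from the file without ever opening it in Office."""
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        meta = _read_props(zf, "docProps/core.xml", CORE_FIELDS, CORE_NS)
        meta.update(_read_props(zf, "docProps/app.xml", APP_FIELDS, APP_NS))
    return meta


def risky_parts(data: bytes) -> list:
    """List (reason, part_name) for container parts that can carry active content."""
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        names = zf.namelist()
    flags = []
    for name in names:
        low = name.lower()
        if low.endswith("vbaproject.bin"):
            flags.append(("vba_macro", name))
        elif "/embeddings/" in low:
            flags.append(("embedded_object", name))
        elif "/activex/" in low:
            flags.append(("activex_control", name))
        elif "/media/" in low and low.endswith((".swf", ".exe", ".dll", ".scr")):
            flags.append(("executable_media", name))
    return flags


def build_sample(lure: bool) -> bytes:
    """Constructed fixture: a minimal .xlsx container; with lure=True it also gets a
    VBA project and an embedded OLE object, as a phishing attachment would.
    All names and values here are invented for this example."""
    core = (
        '<?xml version="1.0" encoding="UTF-8"?>'
        '<cp:coreProperties xmlns:cp="%s" xmlns:dc="%s" xmlns:dcterms="%s">'
        "<dc:creator>j.doe</dc:creator>"
        "<cp:lastModifiedBy>HR-Workstation-07</cp:lastModifiedBy>"
        "<dcterms:created>2011-03-01T09:12:00Z</dcterms:created>"
        "<dcterms:modified>2011-03-02T17:40:00Z</dcterms:modified>"
        "</cp:coreProperties>"
    ) % (CORE_NS["cp"], CORE_NS["dc"], CORE_NS["dcterms"])
    app = (
        '<?xml version="1.0" encoding="UTF-8"?>'
        '<Properties xmlns="%s">'
        "<Application>Microsoft Excel</Application>"
        "<AppVersion>12.0000</AppVersion>"
        "<Company>Example Corp</Company>"
        "</Properties>"
    ) % APP_NS["ep"]
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as zf:
        zf.writestr("[Content_Types].xml", "<Types/>")
        zf.writestr("docProps/core.xml", core)
        zf.writestr("docProps/app.xml", app)
        zf.writestr("xl/workbook.xml", "<workbook/>")
        if lure:
            zf.writestr("xl/vbaProject.bin", b"\x00" * 16)            # stand-in bytes
            zf.writestr("xl/embeddings/oleObject1.bin", b"\x00" * 16)  # stand-in bytes
    return buf.getvalue()


if __name__ == "__main__":
    sample = build_sample(lure=True)
    print("metadata:", extract_metadata(sample))
    print("risky parts:", risky_parts(sample))
```

The metadata side is the reconnaissance payoff: a creator login, a last-modified host name, and an exact Office build give a pretexter a real user name to drop into a help-desk call and tell an attacker which client-side exploit to pair with the lure. The triage side is the defensive check a mail gateway should run on every inbound Office attachment, regardless of how plausible the pretext in the email is.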