121: Ed

en-usJuly 26, 2022

Podcast Summary

The Importance of Cybersecurity Education: It's important to be aware of social engineering tactics and phishing attacks, as even educated individuals can be scammed. Educating ourselves and our businesses on cybersecurity is crucial to preventing catastrophic losses from online scams.
Phishing attacks are not always technical; sometimes, scammers manipulate people through social engineering tactics. Even educated people on phishing attacks and social engineering can fall victim to them. Online scams can cause a total catastrophe as evident from Barbara Corcoran, who lost $400,000 due to a single phishing email. Thus, it's crucial to educate ourselves on how to spot these attacks and prevent them. Cybersecurity training and education are essential for individuals and businesses to understand the dangers of the dark side of the internet and how to avoid them.
Importance of Defining Scope in Penetration Testing: In penetration testing, it's crucial to define a scope that lists allowed and off-limits IP addresses. Every door and window into the network should be tested to identify vulnerabilities and improve overall security.
When conducting penetration testing, it is important to have a well-defined scope that specifies which IP addresses are allowed to be attacked and which are off-limits. Companies and hospitals may have concerns about potential harm to patients and may not be open to having everything attacked. However, any and every door or window into the network should be tested, even if it means testing works-in-progress or systems that haven't been updated for a while. The aim should be to identify potential vulnerabilities in the network and mapping the attack surface to ultimately improve the security of the system.
The Importance of Testing for Vulnerabilities in Web Interfaces: Penetration testers use a checklist to ensure that servers are not vulnerable to well-known attacks. Testing for vulnerabilities on both the outer and inner digital perimeters should be conducted to identify any weaknesses.
Web interfaces like HTTP and HTTPS are vulnerable to attacks due to their complexity. Penetration testers like Ed and his team use a checklist of things to test on every system or computer they encounter to ensure that none of the servers are vulnerable to well-known types of attacks. Although they found low-level vulnerabilities on the public-facing parts of the hospital network, the hospital did well at securing their outer digital perimeter. In the second phase of the test, they posed as various attackers to map the inside of the hospital network and identify vulnerabilities if any. They followed a low-and-slow approach to scanning and enumerating the environment, trying to evade detection initially, and then ramping it up over time to see where they get noticed.
Importance of Updating System Software and Prioritizing High-Severity Vulnerabilities in Penetration Testing: Regularly updating all system software, including seemingly unimportant devices, and prioritizing high-severity vulnerabilities during penetration testing can prevent malicious attacks and system shutdowns. Vendors must alert customers of necessary patches for systems.
It is crucial to keep all system software current and up-to-date, as vulnerabilities can be exploited to gain access and control over the system. Even seemingly unimportant devices like printers and routers can pose a threat if not updated regularly, and vendors must alert customers of necessary patches for systems. During penetration testing, it is essential to maintain a low profile and not trigger any alarms. All vulnerabilities are not the same, and it is necessary to prioritize the high-severity ones that can be exploited easily. Care must be taken while exploiting them, as the system may crash or reboot. Steps must be taken to patch all vulnerabilities in the system to prevent actual malicious attacks.
The Importance of Proper Penetration Testing Guidelines and Vigilance in Cybersecurity: Penetration testing can reveal critical vulnerabilities in computer systems, but it must be conducted within the limits of the rules of engagement and with caution to avoid causing harm. Clear guidelines and up-to-date insurance are necessary, and cybersecurity professionals must be mindful of potential real-world consequences.
Penetration testing can reveal vulnerabilities in computer systems that can lead to serious real-world consequences. Having command line access on another computer can give access to sensitive information and even control of critical systems like surgical lasers. It's important to operate within your scope, follow the rules of engagement, and be careful not to cause harm. This incident highlights the need for clear definitions and guidelines for penetration testing, as well as the importance of having up-to-date insurance. Cybersecurity professionals, whether in pen-testing, defense, or forensics, must be vigilant and mindful of the potential impact of their actions on real-world situations.
Biohacking Village Device Lab at Defcon: Bridging the Gap between Medical Device Makers and Security Researchers.: The Biohacking Village Device Lab creates a safe space for collaboration between medical device makers and security researchers to improve device security, build trust, and protect patients. It is crucial to exercise due diligence during the pen test to avoid any harm.
The growing dependence on connected technology is outpacing our ability to secure it. The Biohacking Village Device Lab at Defcon aims to bridge this gap by creating a safe space for collaboration between medical device makers and security researchers. Despite the challenges faced by medical device makers in regards to security and reliability, four medical device makers participated in the Device Lab, engaging with the security research community to learn and improve device security. With the participation of the FDA, patients, and researchers, the Device Lab provides a collaborative platform to build trust, understanding, and empathy between all the ecosystem stakeholders. It is essential to be aware and careful and exercise due diligence in the pen test to ensure that none of the patients or anyone involved is hurt.
Collaboration between Device Makers and Hackers is Key to Securing Medical Devices.: The FDA's leadership has encouraged collaboration between device makers and hackers to improve medical device security. With more manufacturers attending the Medical Device Hacking Village at Defcon, this partnership is a crucial step towards building secure medical devices for patients.
The FDA's leadership has led to the collaboration between device makers and hackers, resulting in a positive impact on securing medical devices. Medical device makers have found a benefit in working with hackers. Hospitals need to apply fixes provided by the medical device makers to make the devices secure, but in many cases, it does not happen. The Medical Device Hacking Village at Defcon is getting bigger with more manufacturers bringing devices and talking with hackers on how to improve device security. Manufacturers are attending to learn from hackers on how they can make their products more secure. Collaboration between device makers and hackers is a key step in building secure medical devices for patients.
The Vulnerability of Children's Toys to Hacking Risks: Companies producing children's toys need to prioritize security measures to protect the privacy and safety of children and their families. Rushing production without properly addressing vulnerabilities can result in significant risks.
Toys for children are also vulnerable to security risks from hacking. This includes not only the device itself, but also the controller, mobile app, and Cloud-based service. The vulnerabilities can cause significant risks to privacy, safety, and confidentiality. In the case of a toy doll, Ed and his team discovered a high-risk vulnerability that allowed for replay attacks. The toy company was not willing to delay production and ship the toys with the vulnerability, despite the risks involved. This highlights the need for companies to prioritize security and take necessary measures to ensure the safety and privacy of their customers, especially when it involves children's toys.
Effectively communicating security risks and vulnerabilities to customers.: It's not just about reporting vulnerabilities - security professionals should also communicate the real-world impact on people and demonstrate the urgency for companies to address security problems. Visionary companies recognize the significance of a security problem and act promptly to resolve it.
As a security professional, it's vital to communicate the risks of vulnerabilities in a way that customers understand and that maps to their business model. Technical findings need to be translated into the implications for safety and the real-world impact on people. Sometimes it takes public pressure for companies to address security problems, but visionary companies recognize the significance of a security problem and act promptly to resolve it. As a penetration tester, simply reporting vulnerabilities is not always enough. You may need to demonstrate how the vulnerability can cause serious pain to the company to create an urgency to fix the issue. Hacking and penetration testing can be an exciting line of work.

Recent Episodes from Darknet Diaries

In this episode, Geoff White (https://x.com/geoffwhite247) tells us what happened to Axie Infinity and Tornado cash. It’s a digital heist of epic proportions that changes everything.

This story comes from part of Geoff’s book “Rinsed” which goes into the world of money laundering. Get yours here https://amzn.to/3VJs7pb.

Darknet Diaries

en-usJuly 02, 2024

146: ANOM

In this episode, Joseph Cox (https://x.com/josephfcox) tells us the story of anom. A secure phone made by criminals, for criminals.

This story comes from part of Joseph’s book “Dark Wire” which you should definitely read. Get yours here https://www.hachettebookgroup.com/titles/joseph-cox/dark-wire/9781541702691.

Darknet Diaries

en-usJune 04, 2024

145: Shannen

Shannen Rossmiller wanted to fight terrorism. So she went online and did. Read more about her from her book “The Unexpected Patriot: How an Ordinary American Mother Is Bringing Terrorists to Justice”. An affiliate link to the book on Amazon is here: https://amzn.to/3yaf5sI. Thanks to Spycast for allowing usage of the audio interview with Shannen. Sponsors Support for this show comes from Varonis. Do you wonder what your company’s ransomware blast radius is? Varonis does a free cyber resilience assessment that tells you how many important files a compromised user could steal, whether anything would beep if they did, and a whole lot more. They actually do all the work – show you where your data is too open, if anyone is using it, and what you can lock down before attackers get inside. They also can detect behavior that looks like ransomware and stop it automatically. To learn more visit www.varonis.com/darknet. Support for this show comes from Axonius. The Axonius solution correlates asset data from your existing IT and security solutions to provide an always up-to-date inventory of all devices, users, cloud instances, and SaaS apps, so you can easily identify coverage gaps and automate response actions. Axonius gives IT and security teams the confidence to control complexity by mitigating threats, navigating risk, decreasing incidents, and informing business-level strategy — all while eliminating manual, repetitive tasks. Visit axonius.com/darknet to learn more and try it free. Support for this show comes from ThreatLocker®. ThreatLocker® is a Zero Trust Endpoint Protection Platform that strengthens your infrastructure from the ground up. With ThreatLocker® Allowlisting and Ringfencing™, you gain a more secure approach to blocking exploits of known and unknown vulnerabilities. ThreatLocker® provides Zero Trust control at the kernel level that enables you to allow everything you need and block everything else, including ransomware! Learn more at www.threatlocker.com. Learn more about your ad choices. Visit podcastchoices.com/adchoices

Darknet Diaries

en-usMay 07, 2024

undercover operations

144: Rachel

Rachel Tobac is a social engineer. In this episode we hear how she got started doing this and a few stories of how she hacked people and places using her voice and charm. Learn more about Rachel by following her on Twitter https://twitter.com/RachelTobac or by visiting https://www.socialproofsecurity.com/ Daniel Miessler also chimes in to talk about AI. Find out more about him at https://danielmiessler.com/. Sponsors Support for this show comes from Varonis. Do you wonder what your company’s ransomware blast radius is? Varonis does a free cyber resilience assessment that tells you how many important files a compromised user could steal, whether anything would beep if they did, and a whole lot more. They actually do all the work – show you where your data is too open, if anyone is using it, and what you can lock down before attackers get inside. They also can detect behavior that looks like ransomware and stop it automatically. To learn more visit www.varonis.com/darknet. Support for this show comes from Axonius. The Axonius solution correlates asset data from your existing IT and security solutions to provide an always up-to-date inventory of all devices, users, cloud instances, and SaaS apps, so you can easily identify coverage gaps and automate response actions. Axonius gives IT and security teams the confidence to control complexity by mitigating threats, navigating risk, decreasing incidents, and informing business-level strategy — all while eliminating manual, repetitive tasks. Visit axonius.com/darknet to learn more and try it free. Support for this show comes from ThreatLocker®. ThreatLocker® is a Zero Trust Endpoint Protection Platform that strengthens your infrastructure from the ground up. With ThreatLocker® Allowlisting and Ringfencing™, you gain a more secure approach to blocking exploits of known and unknown vulnerabilities. ThreatLocker® provides Zero Trust control at the kernel level that enables you to allow everything you need and block everything else, including ransomware! Learn more at www.threatlocker.com. Learn more about your ad choices. Visit podcastchoices.com/adchoices

en-usApril 02, 2024

143: Jim Hates Scams

Jim Browning has dedicated himself to combatting scammers, taking a proactive stance by infiltrating their computer systems. Through his efforts, he not only disrupts these fraudulent operations but also shares his findings publicly on YouTube, shedding light on the intricacies of scam networks. His work uncovers a myriad of intriguing insights into the digital underworld, which he articulately discusses, offering viewers a behind-the-scenes look at his methods for fighting back against scammers. Jim’s YouTube channel: https://www.youtube.com/c/JimBrowning Sponsors Support for this episode comes from NetSuite. NetSuite gives you visibility and control of your financials, planning, budgeting, and of course - inventory - so you can manage risk, get reliable forecasts, and improve margins. NetSuite helps you identify rising costs, automate your manual business processes, and see where to save money. KNOW your numbers. KNOW your business. And get to KNOW how NetSuite can be the source of truth for your entire company. Visit www.netsuite.com/darknet to learn more. This episode is sponsored by Intruder. Growing attack surfaces, dynamic cloud environments, and the constant stream of new vulnerabilities stressing you out? Intruder is here to help you cut through the chaos of vulnerability management with ease. Join the thousands of companies who are using Intruder to find and fix what matters most. Sign up to Intruder today and get 20% off your first 3 months. Visit intruder.io/darknet. This show is sponsored by Shopify. Shopify is the best place to go to start or grow your online retail business. And running a growing business means getting the insights you need wherever you are. With Shopify’s single dashboard, you can manage orders, shipping, and payments from anywhere. Sign up for a one-dollar-per-month trial period at https://shopify.com/darknet. Learn more about your ad choices. Visit podcastchoices.com/adchoices

en-usMarch 05, 2024

142: Axact

Axact sells fake diplomas and degrees. What could go wrong with this business plan? Sponsors Support for this episode comes from NetSuite. NetSuite gives you visibility and control of your financials, planning, budgeting, and of course - inventory - so you can manage risk, get reliable forecasts, and improve margins. NetSuite helps you identify rising costs, automate your manual business processes, and see where to save money. KNOW your numbers. KNOW your business. And get to KNOW how NetSuite can be the source of truth for your entire company. Visit www.netsuite.com/darknet to learn more. Support for this show comes from ThreatLocker®. ThreatLocker® is a Zero Trust Endpoint Protection Platform that strengthens your infrastructure from the ground up. With ThreatLocker® Allowlisting and Ringfencing™, you gain a more secure approach to blocking exploits of known and unknown vulnerabilities. ThreatLocker® provides Zero Trust control at the kernel level that enables you to allow everything you need and block everything else, including ransomware! Learn more at www.threatlocker.com. This show is sponsored by Shopify. Shopify is the best place to go to start or grow your online retail business. And running a growing business means getting the insights you need wherever you are. With Shopify’s single dashboard, you can manage orders, shipping, and payments from anywhere. Sign up for a one-dollar-per-month trial period at https://shopify.com/darknet. Learn more about your ad choices. Visit podcastchoices.com/adchoices

Darknet Diaries

en-usFebruary 06, 2024

information questioning

deceptive situations

ethical practices

141: The Pig Butcher

The #1 crime which results in the biggest financial loss is BEC fraud. The #2 crime is pig butchering. Ronnie Tokazowski https://twitter.com/iHeartMalware walks us through this wild world. Sponsors Support for this episode comes from NetSuite. NetSuite gives you visibility and control of your financials, planning, budgeting, and of course - inventory - so you can manage risk, get reliable forecasts, and improve margins. NetSuite helps you identify rising costs, automate your manual business processes, and see where to save money. KNOW your numbers. KNOW your business. And get to KNOW how NetSuite can be the source of truth for your entire company. Visit www.netsuite.com/darknet to learn more. Support for this show comes from Drata. Drata streamlines your SOC 2, ISO 27001, PCI DSS, HIPAA, GDPR & many other compliance frameworks, and provides 24-hour continuous control monitoring so you focus on scaling securely. Listeners of Darknet Diaries can get 10% off Drata and waived implementation fees at drata.com/darknetdiaries. This show is sponsored by Shopify. Shopify is the best place to go to start or grow your online retail business. And running a growing business means getting the insights you need wherever you are. With Shopify’s single dashboard, you can manage orders, shipping, and payments from anywhere. Sign up for a one-dollar-per-month trial period at https://shopify.com/darknet. Learn more about your ad choices. Visit podcastchoices.com/adchoices

Darknet Diaries

en-usJanuary 02, 2024

online identity verification

online relationships

social stigmas

financial scams

emotional manipulation

crypto investments

bec attacks

cybersecurity awareness

fraud prevention

secure transactions

140: Revenge Bytes

Madison's nude photos were posted online. Her twin sister Christine came to help. This begins a bizarre and uneasy story. Learn more about your ad choices. Visit podcastchoices.com/adchoices

Darknet Diaries

en-usDecember 05, 2023

139: D3f4ult

This is the story of D3f4ult (twitter.com/_d3f4ult) from CWA. He was a hacktivist, upset with the state of the way things were, and wanted to make some changes. Changes were made. Sponsors Support for this show comes from Axonius. The Axonius solution correlates asset data from your existing IT and security solutions to provide an always up-to-date inventory of all devices, users, cloud instances, and SaaS apps, so you can easily identify coverage gaps and automate response actions. Axonius gives IT and security teams the confidence to control complexity by mitigating threats, navigating risk, decreasing incidents, and informing business-level strategy — all while eliminating manual, repetitive tasks. Visit axonius.com/darknet to learn more and try it free. Support for this show comes from Thinkst Canary. Their canaries attract malicious actors in your network and then send you an alert if someone tries to access them. Great early warning system for knowing when someone is snooping around where they shouldn’t be. Check them out at https://canary.tools. Support for this show comes from Quorum Cyber. Their mantra is: “We help good people win.” If you’re looking for a partner to help you reduce risk and defend against the threats that are targeting your business — and especially if you are interested in Microsoft Security — reach out to Quorum Cyber at www.quorumcyber.com/darknet-diaries. Sources https://www.vice.com/en/article/z3ekk5/kane-gamble-cracka-back-online-after-a-two-year-internet-ban https://www.wired.com/2015/10/hacker-who-broke-into-cia-director-john-brennan-email-tells-how-he-did-it/ https://www.hackread.com/fbi-server-hacked-miami-police-data-leaked/ https://archive.ph/Si79V#selection-66795.5-66795.6 https://wikileaks.org/cia-emails/John-Brennan-Draft-SF86/page-7.html Learn more about your ad choices. Visit podcastchoices.com/adchoices

Darknet Diaries

en-usNovember 07, 2023

138: The Mimics of Punjab

This episode is about scammers in the Punjab region. Tarun (twitter.com/taruns21) comes on the show to tell us a story of what happened to him. Naomi Brockwell (twitter.com/naomibrockwell) makes an appearance to speak about digital privacy. To learn more about protecting your digital privacy, watch Naomi’s YouTube channel https://www.youtube.com/@NaomiBrockwellTV. And check out the books Extreme Privacy (https://amzn.to/3L3ffp9) and Beginner’s Introduction to Privacy (https://amzn.to/3EjuSoY). Sponsors Support for this show comes from Axonius. The Axonius solution correlates asset data from your existing IT and security solutions to provide an always up-to-date inventory of all devices, users, cloud instances, and SaaS apps, so you can easily identify coverage gaps and automate response actions. Axonius gives IT and security teams the confidence to control complexity by mitigating threats, navigating risk, decreasing incidents, and informing business-level strategy — all while eliminating manual, repetitive tasks. Visit axonius.com/darknet to learn more and try it free. Support for this show comes from SpyCloud. It’s good practice to see what data is getting passed around out there regarding you, your employees, your customers, and your business. The dark web is a place where this data is traded and shared. SpyCloud will help you find what out there about you and give you a report so you can be aware. Then they’ll continuously monitor the dark web for any new exposures you should be aware of. To learn more visit spycloud.com/darknetdiaries. Support for this show comes from ThreatLocker. ThreatLocker has built-in endpoint security solutions that strengthen your infrastructure from the ground up with a zero trust posture. ThreatLocker’s Allowlisting gives you a more secure approach to blocking exploits of known and unknown vulnerabilities. ThreatLocker provides zero trust control at the kernel level. Learn more at www.threatlocker.com. Learn more about your ad choices. Visit podcastchoices.com/adchoices

Darknet Diaries

en-usOctober 03, 2023

limited law enforcement resources

Related Episodes

Episode 19: Accelerating Canadian IoT ventures

Picking the right horse is important but choosing the best racetracks to race in is just as crucial. The same holds for individual IoT ventures and the IoT verticals or sectors they play in. With a track record of successful races, our guest shares his thoughts on the merits of IoT application in different sectors and why and how L-SPARK is accelerating IoT ventures in the automotive, medical, and cybersecurity fields. We also discuss the SaaS-IoT interplay and L-SPARK’s programs and touch on guidance for entrepreneurs growing their ventures.

Guest

Our guest is Leo Lax, Executive Managing Director at L-Spark in Ottawa. Leo has extensive experience in the high-tech sector in Canada, including senior management and executive roles at Mitel and Newbridge Networks (now Nokia). Leo also founded and led Skypoint, a prominent Canadian VC firm that invested in Canadian tech companies. Today, as founder and executive director at L-SPARK, he oversees their programs that help technology companies accelerate their growth through new investment and mentorship – with a significant IoT-related focus. Leo’s career is founded on his Electrical Engineering degrees from McGill University and the Royal Military College.

Links

Leo on Online

LinkedIn: https://www.linkedin.com/in/leo-l-8b124/

Twitter: @leolax

L-SPARK

Web: https://l-spark.com

Visit IoT North

Website: https://iotnorth.ca

LinkedIn Group: https://www.linkedin.com/groups/12309383

Twitter: @iotNorth

en-caMay 26, 2022

Ep. 213 - The Doctor Is In Series - Everything You Remember is False

Welcome to the Social-Engineer Podcast: The Doctor Is In Series – where we will discuss understandings and developments in the field of psychology.

In today’s episode, Chris and Abbie are discussing: False Memories. Although memory processes and systems usually operate reliably, they are sometimes prone to distortions and illusions. Today’s discussion will examine how and why this happens. [June 5, 2023]

00:00 - Intro

00:20 - Dr. Abbie Maroño Intro

01:02 - Intro Links

- Social-Engineer.com - http://www.social-engineer.com/

- Managed Voice Phishing - https://www.social-engineer.com/services/vishing-service/

- Managed Email Phishing - https://www.social-engineer.com/services/se-phishing-service/

- Adversarial Simulations - https://www.social-engineer.com/services/social-engineering-penetration-test/

- Social-Engineer channel on SLACK - https://social-engineering-hq.slack.com/ssb

- CLUTCH - http://www.pro-rock.com/

- innocentlivesfoundation.org - http://www.innocentlivesfoundation.org/

07:43 - The Topic of the Day: False Memories

08:11 - Defining Our Memories

10:17 - Challenging Your Reality

11:48 - Remember the Good Times

13:01 - The Exception

15:07 - Unintentional Ego Inflation

17:27 - Putting it in Context

18:46 - The Dangers of Distorting Memories

23:19 - Not-So-Total Recall

25:40 - Repression vs Suppression

28:35 - Eyewitness Error

32:10 - Shameless Plug: Ep. 134

- Altered Memories and Alternate Realities with Dr. Elizabeth Loftus

34:14 - Emotional Influence

37:22 - How Accurate Are You???

39:56 - Emotional Defense

44:35 - Belief System

47:48 - Don't Be Certain (Because You're Not)

49:31 - Confirmation Bias

52:39 - Simple Does Not Equal Easy

54:08 - Shades of Grey

56:38 - Wrap Up

56:58 - Next Month: Deception Detection

57:45 - Outro

- www.social-engineer.com

- www.innocentlivesfoundation.org

Find us online:

- Twitter: https://twitter.com/abbiejmarono

- LinkedIn: linkedin.com/in/dr-abbie-maroño-phd-35ab2611a

- Twitter: https://twitter.com/humanhacker

- LinkedIn: linkedin.com/in/christopherhadnagy

References:

Damiano, C., & Walther, D. B. (2019). Distinct roles of eye movements during memory encoding and retrieval. Cognition, 184, 119-129.

Robins, S. K. (2019). Confabulation and constructive memory. Synthese, 196, 2135-2151.

Schacter, D. L. (2022). Constructive memory: past and future. Dialogues in clinical neuroscience.

Murphy, G., Loftus, E. F., Grady, R. H., Levine, L. J., & Greene, C. M. (2019). False memories for fake news during Ireland’s abortion referendum. Psychological science, 30(10), 1449-1459.

Sedikides, C., & Skowronski, J. J. (2020). In human memory, good can be stronger than bad. Current Directions in Psychological Science, 29(1), 86-91.

Otgaar, H., Howe, M. L., & Patihis, L. (2022). What science tells us about false and repressed memories. Memory, 30(1), 16-21.

Loftus, E. F. (1993). The reality of repressed memories. American psychologist, 48(5), 518.

Anderson, M. C., & Hulbert, J. C. (2021). Active forgetting: Adaptation of memory by prefrontal control. Annual review of psychology, 72, 1-36.

Loftus, E. F., & Pickrell, J. E. (1995). The formation of false memories. Psychiatric annals, 25(12), 720-725.

Otgaar, H., Candel, I., Merckelbach, H., & Wade, K. A. (2009). Abducted by a UFO: Prevalence information affects young children's false memories for an implausible event. Applied Cognitive Psychology: The Official Journal of the Society for Applied Research in Memory and Cognition, 23(1), 115-125.

Otgaar, H., Candel, I., Scoboria, A., & Merckelbach, H. (2010). Script knowledge enhances the development of children’s false memories. Acta Psychologica, 133(1), 57-63.

The Social-Engineer Podcast

enJune 05, 2023

Ep. 224 - The SE ETC Series - Tips for Having Difficult Conversations with Chris and Patrick

Welcome to the Social-Engineer Podcast: The SE Etc. Series. This series will be hosted by Chris Hadnagy, CEO of Social-Engineer LLC, and The Innocent Lives Foundation, as well as Social-Engineer.Org and The Institute for Social Engineering. Chris will be joined by his co-host Patrick Laverty as they discuss topics pertaining to the world of Social Engineering. [August 28, 2023]

00:00 - Intro

00:21 - Patrick Laverty Intro

00:55 - Intro Links

- Social-Engineer.com - http://www.social-engineer.com/

- Managed Voice Phishing - https://www.social-engineer.com/services/vishing-service/

- Managed Email Phishing - https://www.social-engineer.com/services/se-phishing-service/

- Adversarial Simulations - https://www.social-engineer.com/services/social-engineering-penetration-test/

- Social-Engineer channel on SLACK - https://social-engineering-hq.slack.com/ssb

- CLUTCH - http://www.pro-rock.com/

- innocentlivesfoundation.org - http://www.innocentlivesfoundation.org/

07:20 - Intro Chat

09:11 - Todays Topic: Tips for Having Difficult Conversations

10:00 - Outline for Parents

12:10 - Map Your Terrain

16:22 - Define Your Goal

17:40 - Decide on Your Pretext

20:05 - Imagine Your Rapport Building

21:50 - Identify Potential Influence Building Techniques

28:47 - Run a Quick Manipulation Check

31:31 - Pump Up the Nonverbals

36:30 - Conduct an Authenticity Check

39:21 - Prepare for Likely Contingencies

40:48 - Solidify Gains

43:40 - Next Month: ???

44:00 - Wrap Up & Outro

- www.social-engineer.com

- www.innocentlivesfoundation.org

Find us online

- Chris Hadnagy

- Twitter: @humanhacker

- LinkedIn: linkedin.com/in/christopherhadnagy

- Patrick Laverty

- Twitter: @plaverty9

- LinkedIn: linkedin.com/in/plaverty9

The Social-Engineer Podcast

enAugust 28, 2023

difficult conversations

communication

social engineering

cybersecurity awareness

cybersecurity

communication techniques

122: Lisa

In this episode we hear some insider threat stories from Lisa Forte. Sponsors Support for this show comes from Axonius. Securing assets — whether managed, unmanaged, ephemeral, or in the cloud — is a tricky task. The Axonius Cybersecurity Asset Management Platform correlates asset data from existing solutions to provide an always up-to-date inventory, uncover gaps, and automate action. Axonius gives IT and security teams the confidence to control complexity by mitigating threats, navigating risk, decreasing incidents, and informing business-level strategy — all while eliminating manual, repetitive tasks. Visit axonius.com/darknet to learn more and try it free. Support for this show comes from Varonis. Do you wonder what your company’s ransomware blast radius is? Varonis does a free cyber resilience assessment that tells you how many important files a compromised user could steal, whether anything would beep if they did, and a whole lot more. They actually do all the work – show you where your data is too open, if anyone is using it, and what you can lock down before attackers get inside. They also can detect behavior that looks like ransomware and stop it automatically. To learn more visit www.varonis.com/darknet. Support for this show comes from Snyk. Snyk is a developer security platform that helps you secure your applications from the start. It automatically scans your code, dependencies, containers, and cloud infrastructure configs — finding and fixing vulnerabilities in real time. Create your free account at snyk.co/darknet. Attribution Darknet Diaries is created by Jack Rhysider. Editing by Damienne. Assembled by Tristan Ledger. Sound designed by Andrew Meriwether. Episode artwork by odibagas. Mixing by Proximity Sound. Theme music created by Breakmaster Cylinder. Theme song available for listen and download at bandcamp. Or listen to it on Spotify. Learn more about your ad choices. Visit podcastchoices.com/adchoices

en-usAugust 23, 2022

Ep. 222 - Human Element Series - Art and Bias with Andi Schmied

Today we are joined by Andi Schmied. Andi is an urban designer and visual artist. With her installations and printed work, she explores the architectural framing of social space, and uncovers urban anomalies. These vary from areas that have deviated far from their originally planned function, utopian architectures or spaces of extreme privilege.

Schmied graduated as an urban designer from the Bartlett School of Architecture (UCL, London) and is currently a PhD candidate at Moholy Nagy University of Arts and Design. Her latest book, Private Views: A High-Rise Panorama of Manhattan won the first prize in visual arts category of the Most Beautiful Czech Books competition. Her work, among other places, has been shown from London to Vienna and everywhere in between. [August 14, 2023]

00:00 - Intro

00:13 - Intro Links

- Social-Engineer.com - http://www.social-engineer.com/

- Managed Voice Phishing - https://www.social-engineer.com/services/vishing-service/

- Managed Email Phishing - https://www.social-engineer.com/services/se-phishing-service/

- Adversarial Simulations - https://www.social-engineer.com/services/social-engineering-penetration-test/

- Social-Engineer channel on SLACK - https://social-engineering-hq.slack.com/ssb

- CLUTCH - http://www.pro-rock.com/

- innocentlivesfoundation.org - http://www.innocentlivesfoundation.org/

03:10 - Andi Schmeid Intro

04:12 - From Design to Disruption

06:15 - Open House