A simulated compromise of a Fortune 500 company as part of a social engineering competition will lead to discussion about how data was collected using open source intelligence (OSINT) beyond that of social media and tools. It will identify places to find data, providing insight for more valuable data sources. This will include a demo of OSINT techniques, phishing and a pretexting discussion.
1: Learn how to defend against social engineering.
2: Understand the relative ease in collecting open source intelligence (OSINT).
3: Learn more about the tools and techniques used in social engineering.
Another year, another wave of security incidents and threat models to keep the cybersecurity industry busy. So there was plenty to discuss and share as the InfoSec community flocked to San Francisco for the annual RSA Conference last month.
A view from the escalator as I descend into the bowels of RSAC 2017.
As always, the latest trends in the industry were addressed. Large data breaches, quickly growing threat models, security education, political hacking, and the risks posed by the Internet of Things were common threads throughout many of the keynotes, sessions, workshops, expos, and general chatter among attendees.
RSAC has more of a trade show feel compared to other security conferences so I’ve learned over the years that it’s best to approach the conference as an opportunity to meet and network with industry experts. This year I spent less time attending the talks and more time meeting with the players in the industry who are there to make deals and form partnerships.
Throughout the week I was lucky to catch up with several industry professionals representing some of the top tier firms in the cybersecurity sector who shared their take on the challenges and trends facing cybersecurity firms, their clients, and end users.
This episode of the podcast features interviews collected at RSAC 2017.
At this year’s RSA security conference in San Francisco, researcher Rob Graham gave a presentation entitled “Mirai and IoT Botnet Analysis.” His talk examined the infamous “Mirai” Internet of Things botnet and shared details on how it operates. Graham also covered technical aspects of the cameras it infects and detailed his own experimentation with Mirai in the wild. He went on to discuss last year’s massive DDoS attacks on DNS provider Dyn, which involved variations of the Mirai IoT botnet.
The audio quality isn’t the best, but good enough to follow along. If you listen closely you’ll hear me ask a question from the audience toward the end. Big thanks to RSA, Jen, Rob, and Josh for allowing me to record the session. I hope this “Thunderdome Debate” format will return next year to RSA and possibly expand to at least another hour. Enjoy!