We're sorry but this page doesn't work properly without JavaScript enabled. Please enable it to continue.
Feedback

Social Engineering Village - Getting Psychic

0
 Zitieren
 Teilen
 Herunterladen
 Bestellen
Kein Logo verfügbarDEF CON
 Kirsch, Chris

Formale Metadaten

Titel
Social Engineering Village - Getting Psychic
Untertitel
Cold Reading Techniques for Fortune Tellers and Social Engineers
Alternativer Titel
Psychic Cold Reading Techniques
Serientitel
Anzahl der Teile
335
Autor
Lizenz
CC-Namensnennung 3.0 Unported:
Sie dürfen das Werk bzw. den Inhalt zu jedem legalen Zweck nutzen, verändern und in unveränderter oder veränderter Form vervielfältigen, verbreiten und öffentlich zugänglich machen, sofern Sie den Namen des Autors/Rechteinhabers in der von ihm festgelegten Weise nennen.
Identifikatoren
Herausgeber
Erscheinungsjahr
Sprache

Inhaltliche Metadaten

Fachgebiet
Genre
Abstract
Cold reading is a technique to make others believe that you have psychic powers. After reading everything I could find on cold reading, I ran a two-day experiment during the Veracode Hackathon, where I gave psychic readings to colleagues whom I didn’t know personally. Each participant filled in a survey at the end of the reading, and gave me a short video statement about the experience. In this talk, introduce the concept of cold reading, my experiments, and recommendations for using cold reading techniques in social engineering. I’ll walk through the set up of the experiment, which included setting the scene through props, gauging the “sitter’s” level of experience and openness to psychic readings, and then various techniques I applied. These included using statements rather than questions, rainbow ruses based on reading social cues, and playing with probabilities. The talk includes video testimonials and survey results to show the effectiveness of the techniques in the experiment. We’ll then switch to applying cold reading to social engineering. We’ll cover how props help build your authority if you introduce them in the right way. Using statements rather than questions demonstrates that you are an insider and know the company or situation well, which builds rapport fast. Gauging whether a target is tech savvy helps you tailor your attack. Researching frequently used hardware and software (probability game) and using these in statements can further build your authority. We’ll learn how fortune tellers are never wrong, and how to build justifications so you are always right. Doing OSINT research on your target will help your hit rate, which is what psychics call a warm reading. Before going into questions we’ll cover the following week’s winning numbers for MegaMillions. Chris Kirsch has always had a passion for security, but bad life choices led him to a career in marketing – for many DEF CON attendees just one step above a rose seller. He has enjoyed worked product marketing jobs at PGP Corporation, nCipher, Rapid7 and now Veracode. Born in Germany, he has lived in Switzerland, the United Kingdom, and now the United States. In 2017, Chris received a DEF CON black badge for the Social Engineering CTF by shamelessly taking advantage of nice, trusting people at a Fortune 500 gaming company. Chris is currently looking for an internship with a fortune teller to advance his career.