Technology will remain one of our biggest security weaknesses; however, today most cyberattacks have a social engineering component, where threat actors target people as the most vulnerable part of the system. As cybersecurity professionals, we are tasked with training our personnel to avoid both simple and complex mistakes while still doing their jobs, delivering good customer experiences, and keeping business running.
In recent years, threat actors have dissected business processes to find hidden vulnerabilities, leveraged AI to craft highly realistic scams, exploited employee trust, and even infiltrated corporate ranks from within.
This talk will explore the latest techniques for detecting and preventing breaches at the human level, highlight practical approaches to security training, and discuss how we must adapt our business practices to operate under the constant assault on our social systems and trust, well beyond the realm of technology.
Takeaways:
- Technology isn’t the weakest link, people are.
- Training must be practical, not theoretical.
- Threat actors evolve, so should we.
- Security is a business function, not just IT.
Forget textbook phishing templates and generic vishing scripts. This is a continuation of the talk that continues a deep dive into the psychology, culture, and behavior of real-world threat actors and shows how we turn their own tactics against them. We’ve been successfully using social engineering techniques against cyber threat actors for decades, and in this presentation, I’ll share some of the key techniques and approaches that have made this possible.
Is it enough to be preoccupied with monitoring the perimeter and fending off attacks against our systems? No! This focus overlooks the root cause of these attacks originating from the Dark Web. It's crucial to extend our vigilance beyond our own organization and encompass our supply chain and cloud by gaining visibility into the Dark Web.
While breaches and leaks are inevitable, a swift response and effective remediation can save your organization from a disastrous breach. By keeping a watchful eye on the Dark Web, we can enhance our organization's security and the overall effectiveness of our security program.
Learning Objectives:
- Discover the advantages of proactive monitoring of the Dark Web
- Learn how adjusting your defenses to the Dark Web threats can improve -your overall threat landscape
- Learn how to use threat intelligence to prevent losses
- Learn to act on actionable threats, defending corporate data and reputation
Building an effective Cyber Threat Intelligence (CTI) program is rarely straightforward. From shifting threat landscapes to internal maturity challenges, even experienced teams can struggle to get it right.
In this session, we’ll explore the good: what works and why, the bad: common pitfalls and inefficiencies, and the ugly: where CTI efforts often become a liability. Most importantly, we’ll highlight how individuals on the team can play a critical role in driving success by leveraging their unique skills to elevate the entire program. Whether you're building from scratch or looking to fine-tune a mature operation, this talk offers practical insights for making your CTI efforts smarter, stronger, and more impactful.
We’re back with more on Penetration Testing and Red Teaming powered by real Cyber Threat Intelligence.
In this webinar, we’ll break down 5 techniques you should be using in your pen tests. From carefully using Dark Web data to exploiting weak server-side validation, these are practical tips to sharpen your offensive game.
Let’s dive into the world of threat actors posing as remote employees. We’ll uncover their tricks, from passing background checks with mules to what they do once they’re hired. Plus, we’ll share practical tips to spot these imposters before and after they get in.
Takeaways:
- Understand fake remote employee threats.
- Know how to detect fictitious employee scams and how to prevent them.
- Learn key steps in investigating fake remote employee scams.
Traditional penetration tests often miss the mark, failing to replicate the real-world tactics of today's sophisticated threat actors. In this session, Alex Holden, CISO of Hold Security, cuts through the noise and reveals how to transform your pen testing program with actionable threat intelligence.
You'll discover the latest attack trends and learn practical methods to simulate realistic cyber threats against your own defenses. From vulnerability exploitation to ransomware and social engineering, this session provides a hands-on guide to assessing your security readiness against the attacks that matter most right now. Leave with a clear roadmap to build a more resilient and threat-informed security posture.
Key Takeaways
- Understand the limitations of traditional pen testing and why threat intelligence is crucial
- Learn practical techniques for incorporating real-world attack simulations into your security assessments
- Gain a framework for building a more resilient and proactive security posture based on actionable threat intelligence
Application security remains one of the most complex challenges in cybersecurity. Unlike traditional infrastructure, applications are difficult to test across all possible attack vectors, and security failures can lead to devastating breaches.
In this session, we will explore emerging threats based on insights from the dark web and real-world incident response cases. We’ll dive into vulnerabilities in various application environments, flaws in business logic, next-generation penetration testing scenarios, and the evolving risks of AI manipulation by threat actors.
Forget textbook phishing templates and generic vishing scripts. This talk dives deep into the psychology, culture, and behavior of real-world threat actors and shows how we turn their own tactics against them. We’ve been successfully using social engineering techniques against cyber threat actors for decades, and in this presentation, I’ll share some of the key techniques and approaches that have made this possible.
Monitoring the Dark Web for threats targeting your organization or industry will enhance your ability to understand the real and ever-changing threat landscape to prevent breaches. Learn the practical approach of deriving value from Threat Intelligence and Dark Web monitoring.
