Forget textbook phishing templates and generic vishing scripts. This talk dives deep into the psychology, culture, and behavior of real-world threat actors and shows how we turn their own tactics against them. We’ve been successfully using social engineering techniques against cyber threat actors for decades, and in this presentation, I’ll share some of the key techniques and approaches that have made this possible.
Penetration testers and red teamers often rely on a variety of tricks and tips to gain an advantage, but only a few share the truly game-changing insights. In our pen testing and red teaming practice we do not take these techniques from classrooms; we develop them through field experience and enrich them by observing real threat actors while adapting their methods. In this presentation, we’ll cover five such techniques that can produce critical findings and significantly enhance your pen testing and red teaming efforts.