Hacking Humans

Social Engineering works because we're human.
A flood of misinformation and fake news.
Gaming pro athletes online.
Playing on kindness.
Separating fools from money.
Phone scams, phantom employees and sitting Ducks.
Presidential prank, pensioner pilfered.
Think like an attacker.
Nothing up my sleeve.
Luring unsuspecting money mules.
Focus, technology, and training fight phishing.
Sometimes less is more.
Telling the truth in a dishonest way.
Red teaming starts with research.
Real estate transactions in the crosshairs.
Influence versus manipulation.
Stringing along a scammer.
Kidnappers, robots and deep fakes.
Easier to trick than to hack.
Information is the life blood of social engineering.
Waste my time and I'll waste yours back.
Fear, flattery, greed and timing.
Scams are fraud and fraud is crime.
Human sources are essential.
CEOs can be the weakest link.
Be very aware of your desire to be right.
Bringing trust to a trustless world.
A pesky problem that doesn't go away.
Truth emerges from the clash of ideas.
At some point you're probably going to have to do some running.
Trained humans are your strongest link.
Prisoners have nothing but time.
Opening your eyes to the reality in which we live.
The excitement of tricking someone wears off quickly.
Make it seem like the real answer is impossible to know.
The trauma is multifactored.
Stop and think before you click that link.
Delivering yourself to a kidnapper.
Don't assume younger people get it.
When we rush we make bad decisions.
Kids are a great target.
Pick a persona to match the goal.
Girl Scouts empowering cyber security leaders.
Scammers have no ethics whatsoever.
I have been practicing honesty and truthfulness my whole life.
Let's play, "Covered by cyber insurance — true or false?"
Twitter bots amplifying divisive messages.
A data-driven approach to trust.
Live at KB4CON 2019.
People aren't perfectly rational.
Be willing to admit you don't know everything.
The best way to break in is to walk through the front door.
Just because I trusted you yesterday doesn't mean I trust you today.
The knowledge / intention behavior gap.
Be wary of all emails.
Encore — Separating fools from money.
Know and spot the patterns.
The skills gap disconnect.
Looking after Dad.
Images are the language of the brain.
Positive pretexting on the rise.
Swamping search results for reputation management.
Backups backups backups.
Securing your SMS.
Think before you post.
An ethical hacker can be a teacher.
Algorithms controlling truth in our society.
The usefulness of single sign on.
The ultimate hacking tool.
Don't trust ransomware to tell you its real name.
The fallacy of futility.
The ability to fundamentally deceive someone.
Don't dismiss the fraudsters.
The Malware Mash!
When you are the target, objectivity is gone.
Skepticism is the first step.
Security has to be friendly.
I really wanted that shed.
If you didn't ask for it don't install it.
Managing access and insider threats.
Telling The Truth In A Dishonest Way - Rebroadcast
Leading by example and positive reinforcement.
Ransomware is a reality.
Life in the (second) age of pirates.
Flipping the script.
They had no idea.
I wouldn't want my computer to be disappointed.
Fake news and misplaced trust.
Hi, I'm trying to steal your money.
The art of cheating.
Don't go looking for morality here.
Winking emoji.
Disinformation vs. misinformation.
Paging Dr. Dochterman.
Shedding light on the human element.
Even famous people get scammed.
They're getting smart, but we're getting smarter.
Wallet inspector.
Passwords are the easiest things to steal.
Exploiting our distractions. 
Every day you're a firefighter.
How scammers fill the gap.
HH Extra - Happy 100 shows!
Wearing a mask in the Oval Office.
Seniors and millennials more alike than people think.
Presenting: Ask more people to dance. - Career Notes
Taking a selfie with your ID.
It can happen to anybody.
Close in your pajamas.
Because they deserve the money!
Send me money so I know you are real.
A little dose of skepticism.
Never think of security as a destination.
Be the custodian of your own digital identity.
Ignore the actor, focus on the behavior.
NMAP (noun) [Word Notes]
Flying under the radar.
Zero-day (adjective) [Word Notes]
Many times it is less sophisticated than we think.
man trap (noun) [Word Notes]
Take a deep breath.
social engineering (noun) [Word Notes]
It's evolving rapidly and getting more furious by the minute.
penetration test (noun) [Word Notes]
The story is what gets people in.
cross-site scripting (noun) [Word Notes]
Your information is already on the Dark Web.
The Bombe (noun) [Word Notes]
It's human nature.
credential stealing (verb) [Word Notes]
Cookies make for some tasty phishing lure.
phishing (verb) [Word Notes]
Don't click any button...even the 'No' button.
darknet (noun) [Word Notes]
Use a Dance Dance Revolution floor lock for your data centers.
rogue access point (noun) [Word Notes]
What is true and important versus what is the spin.
anagram (noun) [Word Notes]
New consequences, extortion and cyber insurance.
The Malware Mash!
David Sanger on the HBO documentary based off his book, "The Perfect Weapon". [Special Edition]
business email compromise or BEC (noun) [Word Notes]
Too good to be true.
remote access Trojan or RAT (noun) [Word Notes]
Ransomware: Statistically, it's likely to happen to anybody.
shadow IT (noun) [Word Notes]
Network Detection and Response (NDR) (noun) [Word Notes]
The public's expectations are changing.
port mirroring (noun) [Word Notes]
Encore: Wearing a mask in the Oval Office and the art of deception.
smishing (SMS phishing) (noun) [Word Notes]
Network Time Protocol (NTP) attack (noun) [Word Notes]
Going behind the scenes and preventing social engineering in financial institutions.
Virtual Private Network (VPN) (noun) [Word Notes]
cyber threat intelligence (CTI) (noun) [Word Notes]
The landscape has shifted for holiday shopping to online.
identity theft (noun) [Word Notes]
Phishing lures that may be in your inbox soon, and how to deal "left of bang."
tactics, techniques and procedures (TTPs) (noun) [Word Notes]
rootkit (noun) [Word Notes]
Encore: Separating fools from money. [Hacking Humans]
deep packet inspection (DPI) (noun) [Word Notes]
Encore: Don't go looking for morality here. [Hacking Humans]
fuzzing (noun) [Word Notes]
Unix (noun) [Word Notes]
Combating growing online financial fraud.
greyware (noun) [Word Notes]
As B2C interactions shift online, call centers become new fraud vector.
Daemon (noun) [Word Notes]
Targeted phishing campaigns and lottery scams abound.
unified extensible firmware interface (UEFI) (noun) [Word Notes]
Covid has shifted the way we deal with money and increased fraud.
endpoint (noun) [Word Notes]
Understanding human behavior is a key to security.
APT side hustle (noun) [Word Notes]
In the disinformation and misinformation crosshairs.
ATM skimming (noun) [Word Notes]
Including your passwords in your final arrangements.
taint analysis (noun) [Word Notes]
How likely are online users to reveal private information?
supply chain attacks (noun) [Word Notes]
Fraud activity within secure messaging apps in plain sight.
SOC Triad (noun) [Word Notes]
Insider threats and security concerns for APIs.
network telescope (noun) [Word Notes]
Ideally, look for someone open to deception.
watering hole attack (noun) [Word Notes]
Technology is not designed for older users.
backdoor (noun) [Word Notes]
The pandemic is slowing, time to travel?
APT (noun) [Word Notes]
Finding targets of opportunity.
cloud computing (noun) [Word Notes]
Being aware can go a long way to prevent attacks.
cold boot attack (noun) [Word Notes]
Make systems to mitigate the mistakes.
denial-of-service attack (noun) [Word Notes]
Anyone can be a target of romance scams.
brute-force attack (noun) [Word Notes]
Digital identities are at the core of recent breaches.
decryption (noun) [Word Notes]
How to best fight fake news.
SaaS (noun) [Word Notes]
Introducing 8th Layer Insights [Trailer]
Whaling attacks are more targeted than phishing or spearphishing.
intelligence (noun) [Word Notes]
Hacking people vs. hacking technologies to get into companies.
machine learning (noun) [Word Notes]
The fight in the dog.
multi-factor authentication (noun) [Word Notes]
Pandemic taxes: later due dates afford more time for scams.
non-fungible tokens (NFT) (noun) [Word Notes]
Answering a job ad from a ransomware gang.
keylogger (noun) [Word Notes]
Bad password hygiene jeopardizes streaming services.
encryption (noun) [Word Notes]
An inside view on North Korean cybercrime.
fast flux (noun) [Word Notes]
Collaboration, data portability, and employee mobility fuel insider risk.
Introducing 8th Layer Insights: Deceptionology 101: Introduction to the Dark Arts
next generation firewall (noun) [Word Notes]
Threat actors changing ransomware tactics.
red teaming (noun) [Word Notes]
It's ok to be trusting, just be careful.
secure access service edge (SASE) (noun) [Word Notes]
What are our devices doing to our compassion?
personally identifiable information (PII) (noun) [Word Notes]
Acceleration of our digital lives and impacts on cybercrime.
security orchestration, automation, and response (SOAR) (noun) [Word Notes]
The attackers keep coming every single day.
sandbox (noun) [Word Notes]
Effective cybersecurity training has to be meaningful to employees.
script kiddies (noun) [Word Notes]
Companies don't want their customers to be victims of fraud.
incident response (noun) [Word Notes]
Don't blindly test your colleagues.
cybersecurity maturity model certification (CMMC) (noun) [Word Notes]
Collaboration platforms are a gateway for ransomware attacks.
dead-box forensics (noun) [Word Notes]
Sometimes, deepfake victims don't want to be convinced it is fake.
common vulnerabilities and exposures (CVE) (noun) [Word Notes]
They won't ask for sensitive information over the phone.
lateral movement (noun) [Word Notes]
Capture the Flag, Black Badges and social engineering tricks.
Executive Order on Improving the Nation's Cybersecurity (noun) [Word Notes]
Measuring security awareness proactively.
endpoint security (noun) [Word Notes]
Physical pen testing: You've got to be able to think on your feet.