Hacking Humans

Social engineering works because we're human.
A flood of misinformation and fake news.
Gaming pro athletes online.
Playing on kindness.
Separating fools from money.
Phone scams, phantom employees and sitting ducks.
Presidential prank, pensioner pilfered.
Think like an attacker.
Nothing up my sleeve.
Luring unsuspecting money mules.
Focus, technology, and training fight phishing.
Sometimes less is more.
Telling the truth in a dishonest way.
Red teaming starts with research.
Real estate transactions in the crosshairs.
Influence versus manipulation.
Stringing along a scammer.
Kidnappers, robots and deep fakes.
Easier to trick than to hack.
Information is the lifeblood of social engineering.
Waste my time and I'll waste yours back.
Fear, flattery, greed and timing.
Scams are fraud and fraud is crime.
Human sources are essential.
CEOs can be the weakest link.
Be very aware of your desire to be right.
Bringing trust to a trustless world.
A pesky problem that doesn't go away.
Truth emerges from the clash of ideas.
At some point you're probably going to have to do some running.
Trained humans are your strongest link.
Prisoners have nothing but time.
Opening your eyes to the reality in which we live.
The excitement of tricking someone wears off quickly.
Make it seem like the real answer is impossible to know.
The trauma is multifactored.
Stop and think before you click that link.
Delivering yourself to a kidnapper.
Don't assume younger people get it.
When we rush we make bad decisions.
Kids are a great target.
Pick a persona to match the goal.
Girl Scouts empowering cyber security leaders.
Scammers have no ethics whatsoever.
I have been practicing honesty and truthfulness my whole life.
Let's play, "Covered by cyber insurance — true or false?"
Twitter bots amplifying divisive messages.
A data-driven approach to trust.
Live at KB4CON 2019.
People aren't perfectly rational.
Be willing to admit you don't know everything.
The best way to break in is to walk through the front door.
Just because I trusted you yesterday doesn't mean I trust you today.
The knowledge / intention behavior gap.
Be wary of all emails.
Encore — Separating fools from money.
Know and spot the patterns.
The skills gap disconnect.
Looking after Dad.
Images are the language of the brain.
Positive pretexting on the rise.
Swamping search results for reputation management.
Backups backups backups.
Securing your SMS.
Think before you post.
An ethical hacker can be a teacher.
Algorithms controlling truth in our society.
The usefulness of single sign-on.
The ultimate hacking tool.
Don't trust ransomware to tell you its real name.
The fallacy of futility.
The ability to fundamentally deceive someone.
Don't dismiss the fraudsters.
The Malware Mash!
When you are the target, objectivity is gone.
Skepticism is the first step.
Security has to be friendly.
I really wanted that shed.
If you didn't ask for it don't install it.
Managing access and insider threats.
Telling the truth in a dishonest way - Rebroadcast.
Leading by example and positive reinforcement.
Ransomware is a reality.
Life in the (second) age of pirates.
Flipping the script.
They had no idea.
I wouldn't want my computer to be disappointed.
Fake news and misplaced trust.
Hi, I'm trying to steal your money.
The art of cheating.
Don't go looking for morality here.
Winking emoji.
Disinformation vs. misinformation.
Paging Dr. Dochterman.
Shedding light on the human element.
Even famous people get scammed.
They're getting smart, but we're getting smarter.
Wallet inspector.
Passwords are the easiest things to steal.
Exploiting our distractions.
Every day you're a firefighter.
How scammers fill the gap.
Wearing a mask in the Oval Office.
HH Extra - Happy 100 shows!
Seniors and millennials more alike than people think.
Presenting: Ask more people to dance. - Career Notes
Taking a selfie with your ID.
It can happen to anybody.
Close in your pajamas.
Because they deserve the money!
Send me money so I know you are real.
A little dose of skepticism.
Never think of security as a destination.
Be the custodian of your own digital identity.
Ignore the actor, focus on the behavior.
Nmap (noun) [Word Notes]
Flying under the radar.
Zero-day (adjective) [Word Notes]
Many times it is less sophisticated than we think.
man trap (noun) [Word Notes]
Take a deep breath.
social engineering (noun) [Word Notes]
It's evolving rapidly and getting more furious by the minute.
penetration test (noun) [Word Notes]
The story is what gets people in.
cross-site scripting (noun) [Word Notes]
Your information is already on the Dark Web.
The Bombe (noun) [Word Notes]
It's human nature.
credential stealing (verb) [Word Notes]
Cookies make for some tasty phishing lure.
phishing (verb) [Word Notes]
Don't click any button...even the 'No' button.
darknet (noun) [Word Notes]
Use a Dance Dance Revolution floor lock for your data centers.
rogue access point (noun) [Word Notes]
What is true and important versus what is the spin.
anagram (noun) [Word Notes]
New consequences, extortion and cyber insurance.
The Malware Mash!
David Sanger on the HBO documentary based on his book, "The Perfect Weapon". [Special Edition]
business email compromise or BEC (noun) [Word Notes]
Too good to be true.
remote access Trojan or RAT (noun) [Word Notes]
Ransomware: Statistically, it's likely to happen to anybody.
Network Detection and Response (NDR) (noun) [Word Notes]
shadow IT (noun) [Word Notes]
The public's expectations are changing.
port mirroring (noun) [Word Notes]
Encore: Wearing a mask in the Oval Office and the art of deception.
smishing (SMS phishing) (noun) [Word Notes]
Network Time Protocol (NTP) attack (noun) [Word Notes]
Going behind the scenes and preventing social engineering in financial institutions.
Virtual Private Network (VPN) (noun) [Word Notes]
cyber threat intelligence (CTI) (noun) [Word Notes]
The landscape has shifted for holiday shopping to online.
identity theft (noun) [Word Notes]
Phishing lures that may be in your inbox soon, and how to deal "left of bang."
rootkit (noun) [Word Notes]
tactics, techniques and procedures (TTPs) (noun) [Word Notes]
Encore: Separating fools from money. [Hacking Humans]
deep packet inspection (DPI) (noun) [Word Notes]
Encore: Don't go looking for morality here. [Hacking Humans]
Unix (noun) [Word Notes]
fuzzing (noun) [Word Notes]
Combating growing online financial fraud.
greyware (noun) [Word Notes]
As B2C interactions shift online, call centers become new fraud vector.
Daemon (noun) [Word Notes]
Targeted phishing campaigns and lottery scams abound.
unified extensible firmware interface (UEFI) (noun) [Word Notes]
Covid has shifted the way we deal with money and increased fraud.
endpoint (noun) [Word Notes]
Understanding human behavior is a key to security.
APT side hustle (noun) [Word Notes]
In the disinformation and misinformation crosshairs.
ATM skimming (noun) [Word Notes]
Including your passwords in your final arrangements.
taint analysis (noun) [Word Notes]
How likely are online users to reveal private information?
supply chain attacks (noun) [Word Notes]
Fraud activity within secure messaging apps in plain sight.
SOC Triad (noun) [Word Notes]
Insider threats and security concerns for APIs.
network telescope (noun) [Word Notes]
Ideally, look for someone open to deception.
watering hole attack (noun) [Word Notes]
Technology is not designed for older users.
backdoor (noun) [Word Notes]
The pandemic is slowing, time to travel?
APT (noun) [Word Notes]
Finding targets of opportunity.
cloud computing (noun) [Word Notes]
Being aware can go a long way to prevent attacks.
cold boot attack (noun) [Word Notes]
Make systems to mitigate the mistakes.
denial-of-service attack (noun) [Word Notes]
Anyone can be a target of romance scams.
brute-force attack (noun) [Word Notes]
Digital identities are at the core of recent breaches.
decryption (noun) [Word Notes]
How to best fight fake news.
SaaS (noun) [Word Notes]
Introducing 8th Layer Insights [Trailer]
Whaling attacks are more targeted than phishing or spearphishing.
intelligence (noun) [Word Notes]
Hacking people vs. hacking technologies to get into companies.
machine learning (noun) [Word Notes]
The fight in the dog.
multi-factor authentication (noun) [Word Notes]
Pandemic taxes: later due dates afford more time for scams.
non-fungible tokens (NFT) (noun) [Word Notes]
Answering a job ad from a ransomware gang.
keylogger (noun) [Word Notes]
Bad password hygiene jeopardizes streaming services.
encryption (noun) [Word Notes]
An inside view on North Korean cybercrime.
fast flux (noun) [Word Notes]
Collaboration, data portability, and employee mobility fuel insider risk.
Introducing 8th Layer Insights: Deceptionology 101: Introduction to the Dark Arts
next generation firewall (noun) [Word Notes]
Threat actors changing ransomware tactics.
red teaming (noun) [Word Notes]
It's ok to be trusting, just be careful.
secure access service edge (SASE) (noun) [Word Notes]
What are our devices doing to our compassion?
personally identifiable information (PII) (noun) [Word Notes]
Acceleration of our digital lives and impacts on cybercrime.
security orchestration, automation, and response (SOAR) (noun) [Word Notes]
The attackers keep coming every single day.
sandbox (noun) [Word Notes]
Effective cybersecurity training has to be meaningful to employees.
script kiddies (noun) [Word Notes]
Companies don't want their customers to be victims of fraud.
incident response (noun) [Word Notes]
Don't blindly test your colleagues.
cybersecurity maturity model certification (CMMC) (noun) [Word Notes]
Collaboration platforms are a gateway for ransomware attacks.
dead-box forensics (noun) [Word Notes]
Sometimes, deepfake victims don't want to be convinced it is fake.
common vulnerabilities and exposures (CVE) (noun) [Word Notes]
They won't ask for sensitive information over the phone.
lateral movement (noun) [Word Notes]
Capture the Flag, Black Badges and social engineering tricks.
Executive Order on Improving the Nation's Cybersecurity (noun) [Word Notes]
Measuring security awareness proactively.
endpoint security (noun) [Word Notes]
Physical pen testing: You've got to be able to think on your feet.
bulletproof hosting (noun) [Word Notes]
Joekens, Bittnercoins, and the serious impacts of spam analysis.
digital transformation (noun) [Word Notes]
Good grammar is essential for business email compromise.
The Malware Mash!
cybersecurity skills gap (noun) [Word Notes]
Cybersecurity awareness should be a year-round activity.
OT security (noun) [Word Notes]
Let's go to the movies. [Hacking Humans Goes to the Movies]
zero trust (noun) [Word Notes]
A good amount of skepticism helps protect you online.
software bill of materials (SBOM) (noun) [Word Notes]
Misdirection and layering with a con in the middle. [Hacking Humans Goes to the Movies]
vulnerability management (noun) [Word Notes]
Do you really want that device to be a connected device?
threat hunting (noun) [Word Notes]
Scams abound this time of year.
account takeover prevention (noun) [Word Notes]
The 3 M's: Minimize, monitor and manage.
OWASP cryptographic failures (noun) [Word Notes]
Conmen come in many flavors, all motivated by greed. [Hacking Humans Goes to the Movies]
Even if a cause moves you, do your due diligence.
Hustling the hustler and three-card Monte. [Hacking Humans Goes to the Movies]
The CyberWire: The 12 Days of Malware.
Encore: zero trust (noun) [Word Notes]
Identity "protection" and a pigeon drop. [Hacking Humans Goes to the Movies]
OWASP injection (noun) [Word Notes]
Changing the game on ransomware.
Log4j vulnerability (noun) [Word Notes]
The only locks you should pick are your own.
OWASP insecure design (noun) [Word Notes]
The perfect environment for ATOs (account takeovers) to breed.
OWASP security misconfiguration (noun) [Word Notes]
Useful ransomware protection for you.
OWASP broken access control (noun) [Word Notes]
The ransomware game has evolved.
How to talk your way in anywhere. [Hacking Humans Goes to the Movies]
OWASP identification and authentication failures (noun) [Word Notes]
If you wish for peace, prepare for cyberwar.
OWASP security logging and monitoring failures (noun) [Word Notes]
Vulnerabilities will be found.
Hustling the hustlers. [Hacking Humans Goes to the Movies]
OWASP server-side request forgery (noun) [Word Notes]
A blurring of lines between nation states and criminals.
OWASP software and data integrity failures (noun) [Word Notes]
Phishing seems to be cyclical and thematic.
OWASP vulnerable and outdated components (noun) [Word Notes]
Technology's effects on students during the pandemic.
BSIMM (noun) [Word Notes]
Data privacy: is it black and white when it comes to your kids?
adversary group naming (noun) [Word Notes]
What's behind Buy Now, Pay Later scams?
Cons: the short one and the first one. [Hacking Humans Goes to the Movies]
Universal 2nd Factor (U2F) [Word Notes]
Robocall scams and the psychology surrounding them.
Software Assurance Maturity Model (SAMM) (noun) [Word Notes]
Online threats turned real world danger.
Shields Up (noun) [Word Notes]
Magic, illusion, and scams, oh my.
Domain-based Message Authentication Reporting Conformance (DMARC) (noun) [Word Notes]
On the front lines of fraud protection.
Cons through and through. [Hacking Humans Goes to the Movies]
Pegasus (noun) [Word Notes]
The dark side of business email attacks.
Agile Software Development Method (noun) [Word Notes]
Encore: The attackers keep coming every single day.
Waterfall Software Development Method (noun) [Word Notes]
Business phishing: Who's biting the bait?
MITRE ATT&CK (noun) [Word Notes]
Voice authentication taking hold.
DevOps (noun) [Word Notes]
Combating social engineering.
MITRE ATT&CK (noun) [Word Notes]
Is ransomware getting too fast?
Diamond Model (noun) [Word Notes]
What to look out for with scan-and-exploit cyber attacks.
Identity Orchestration (noun) [Word Notes]
The great resignation and data exposure challenges.
Intrusion Kill Chain (noun) [Word Notes]
North Korea and a global cyber war.
Identity Fabric (noun) [Word Notes]
The top 10 brand names most likely used in a phishing scheme.
Abstraction layer (noun) [Word Notes]
Human errors and why they're made.
Identity access management (IAM) (noun) [Word Notes]
Behavioral science in the world of InfoSec.
Web 3.0 (noun) [Word Notes]
Extortion scams and the LGBTQ+ community.
A return to office means a return to email scams.
Private Network Access (PNA) (noun) [Word Notes]
Making the world a safer online place.
Trusted Platform Module (TPM) (noun) [Word Notes]
Staying away from Medicare scams.
Pseudoransomware (noun) [Word Notes]
Scams in the media.
Anti-cheat software (noun) [Word Notes]
Encore: Sometimes, deepfake victims don't want to be convinced it is fake.
Policy Orchestration (noun) [Word Notes]
Is there a growing number of public and private partnerships forming?
Homograph phishing (noun) [Word Notes]
A travel surge and a host of different scams.
Microsegmentation (noun) [Word Notes]
Is inflation affecting the Dark Web?
It pays to do your research. [Hacking Humans Goes to the Movies]
Sideloading (noun) [Word Notes]
The rise in fraudulent online content.
Simulated Phishing (noun) [Word Notes]
A cryptoqueen on the run and the cons she got away with.