[00:06:35] I wanted to be a neuroscience major and promptly sucked at school and there were a lot of tears along the way but I did end up getting my double major in neuroscience and cognitive and behavioral psychology [00:06:48]
This time TMHC was privileged to host Rachel Tobac, talking mostly about social engineering. Rachel is CEO & Co-founder of SocialProof Security and a Board Member of WISP (Women in Security & Privacy). She specializes in social engineering and has been a winner of the DEF CON Social Engineering Capture the Flag competition, 3 years in a row.
Some of the topics covered:
- neuroscience, cognitive psychology, DEF CON -> social engineering expert;
- why does social engineering work?
- war stories from the field;
- Women in Security and Privacy: helping women find their spot in infosec, DEF CON scholarships;
- rant of the show: users are not stupid.
plus, as always, a ton of questions from our fantastic audience.
Some key excerpts:
- [00:10:07] the very first thing that I did is I called my insurance company and I tried to get information about me without authenticating the correct way and see if you can do that - see you can talk yourself through that situation and do OSINT enough to be able to accomplish that [00:10:22],
- [00:30:20] Anybody who loves working at the company and loves posting about it on Instagram and joking and tagging; I have been able to find and be successful in about three hours for the majority of my clients [00:30:32],
- [00:36:37] that pretext works but you probably delivered it with more confidence than anyone ever has because you legitimately believed it [00:36:44],
- [00:50:12] Every social engineer I know has been successfully phished, every single one [00:50:16],
- [01:06:34] we want to send more women and give them more opportunities to find a future boss a future mentor and these things happen because last year we sent 57 women to DEF CON in each scholarship of $780 [01:06:46],
- [01:15:15] infosec Twitter sometimes is a dumpster fire, but most of the time it's pretty great. So I would say absolutely make a Twitter, follow people, join in on the conversation [01:15:24].
Places on the Internet to see:
- People to follow: https://twitter.com/humanhacker
- 6 principles of persuasion: https://www.influenceatwork.com/principles-of-persuasion/
- Women In Security and Privacy: https://www.wisporg.com/ and https://twitter.com/wisporg
- Rachel's talk at KringleCon: https://www.youtube.com/watch?v=L5J2PgGOLtE