Black Hat USA 2018 - Qualitative Look at Autonomous Peer Communication's Impact on Phishing...
Exposing the Bait: A Qualitative Look at the Impact of Autonomous Peer Communication to Enhance Organizational Phishing Detection
An information security awareness program serves to protect business data by educating users to properly handle constant information security threats and to minimize their impact on the individual and the organization. Past research has not offered comprehensive studies involving an established security awareness program that uses both end user training and marketing tools to communicate and create awareness. Instead, these studies focused on the impact of data loss and addressing the importance of establishing user awareness.
The Office of Information Security at Mayo Clinic has established an ongoing enterprise-wide security awareness program. With the help of Information Security Ambassadors to assist in the delivery of this message, the study explores the lived experiences of this peer group to determine the impact of autonomous peer influence as it relates to phishing detection, rather than relying on technology alone.
This research is significant in that it will help identify if and how much peer influence promotes learning and user adaptation to safeguard users from malicious phishing in both the business and the private environment. This phenomenological approach aims to assist in designing a multifaceted security awareness approach to promote behavior change among a diverse population.
...
https://www.youtube.com/watch?v=SvEKU5CjxEk
...
https://www.youtube.com/watch?v=61OFj5GlK2M
...
https://www.youtube.com/watch?v=xH4k6RYN3i0
This talk covers tag-side attacks against NFC communication protocols, including cracking of Mifare encryption keys and performing targeted attacks against NFC readers. In addition, it will cover the design and creation of devices capable of emulating NFC tags down to the raw protocol using standard components and tools, with no abstraction to dedicated hardware, covering and expanding on the capabilities of available products. This talk will cover how 13.56MHz NFC works at a raw level, how tools can be built for analysing it, how the protocol can be implemented in full on standard microcontrollers, and the security weaknesses present in its design.
...
https://www.youtube.com/watch?v=7FPvCwo5Ib0
Financial institutions, home automation products, and hi-tech offices have increasingly used voice fingerprinting as a method for authentication. Recent advances in machine learning have shown that text-to-speech systems can generate synthetic, high-quality audio of subjects using audio recordings of their speech. Are current techniques for audio generation enough to spoof voice authentication algorithms? We demonstrate, using freely available machine learning models and limited budget, that standard speaker recognition and voice authentication systems are indeed fooled by targeted text-to-speech attacks. We further show a method which reduces data required to perform such an attack, demonstrating that more people are at risk for voice impersonation than previously thought.
...
https://www.youtube.com/watch?v=BnwTWuDKTkM
...
https://www.youtube.com/watch?v=N77c40xQMYY
Dennis Maldonado (AKA Linuz) Security Consultant - LARES Consulting
Medic (Tim McGuffin) Security Consultant - LARES Consulting
With minimal to no effort, we can gain SYSTEM level access to hundreds, if not thousands, of machines on the internet [remotely]. No, this is not a new super 1337 exploit, and no, this is not even a new technique. No super fancy website with poorly designed logo is necessary; there is nothing new here. Tim and Dennis have discovered that something only stupid sysadmins would do turns out to be much more prevalent than expected. What starts off as a sysadmin's innocent attempt to fix an issue turns into complete compromise of entire servers/workstations with no effort needed from the attacker. Tim and Dennis will discuss how we came to this realization and explain how we automated looking for these issues in order to find hundreds of vulnerable machines over the internet. Tim and Dennis explain the tool developed for automation, provide statistics discovered from our research, and go over ways to protect yourself from falling victim to the issue.
Dennis Maldonado is a Security Consultant at LARES Consulting. His current work includes penetration testing, infrastructure assessments, red teaming, and security research. Dennis’ focus is encompassing all forms of information security into an assessment in order to better simulate a real world attack against systems and infrastructure. As a security researcher and evangelist, Dennis spends his time sharing what he knows about Information Security with anyone willing to learn. Dennis is a returning speaker to DEF CON and has presented at numerous workshops and meet-ups in the Houston area. Dennis co-founded Houston Locksport in Houston, Texas, where he shares his love for lock-picking and physical security, as well as Houston Area Hackers Anonymous (HAHA), a meet-up for hackers and InfoSec professionals in the Houston area.
Twitter: @DennisMald
Tim was voted "most likely to be indicted" by his high school senior class, but has since gone on to gain the trust of large organizations and their executive management, which may or may not be a good thing. He holds a few industry certifications and is a member of a few security organizations, but considers his insomnia and attention deficit problems far more important to his career.
Twitter: @NotMedic
...
https://www.youtube.com/watch?v=saFKjW-hMCE
...
https://www.youtube.com/watch?v=crwXNdOFqkc
...
https://www.youtube.com/watch?v=IpGr6dZqeQk
...
https://www.youtube.com/watch?v=0LA8tTKAfK0