social engineering Archives - Jean-Christoph von Oertzen

Webinar takeaway – Nuclear Ransomware 3.0: We Thought It Was Bad and Then It Got Even Worse

jean-christoph — Wed, 19 Jan 2022 20:26:26 +0000

My key takeaways PC Cyborg AIDS trojan in 1998 => first known ransomware $189 asked as ransom CryptoLocker, 2013 first to ask for Bitcoin "Ransomware 2.0", from 2019 made backups less of a protection the access to the victim becomes the "gold" Todays ransomware workflow stager look around (trickbot) and calling home (C2 server) if […]

The post Webinar takeaway – Nuclear Ransomware 3.0: We Thought It Was Bad and Then It Got Even Worse appeared first on Jean-Christoph von Oertzen.

Event takeaway: Layer8 Conference

jean-christoph — Fri, 08 Oct 2021 22:59:07 +0000

My key takeaways HUMINT phrases to identify background characteristics an interesting OSINT aspect in conversation is special prononciation of certain words identifying the persons origin List of words of identifiers per language The great casino heist: key takeaways from my first big social engineering engagement "get out of jail"-cards must be signed to work career […]

The post Event takeaway: Layer8 Conference appeared first on Jean-Christoph von Oertzen.

Event takeaways: BSidesMeSh21 – day 1

jean-christoph — Mon, 21 Jun 2021 16:34:29 +0000

My key takeaways Security in sprints vs whole security sprints? Smaller activities from the very beginning. It is not full time, but always ongoing. And maybe, if the situation is very tricky, entire sprints might be necessary, too. — Thomas Fricke Kubernetes does its best to be secure inside. Unfortunatly it is not configured so […]

The post Event takeaways: BSidesMeSh21 – day 1 appeared first on Jean-Christoph von Oertzen.

Webinar takeaways: Deepfakes – Gefahren und Herausforderungen

jean-christoph — Fri, 18 Jun 2021 16:42:17 +0000

My key takeaways the fragmentation of the media landscape made deepfakes relevant deepfakes still need a lot of training material no data, no deep fake voice is still an issue (delay, monotonie), but AI technology is developing fast attackers may just find someone with a similar voice then trying to generate the voice artificially the […]

The post Webinar takeaways: Deepfakes – Gefahren und Herausforderungen appeared first on Jean-Christoph von Oertzen.

Webinar takeaway: Learn to Detect and Defend Against Supply Chain Attacks Before They Compromise Your Network

jean-christoph — Wed, 16 Jun 2021 19:35:55 +0000

My key takeaways First trojan probably was implemented 1983 by Ken Thompson, who invented Unix, C,.. He also warned back then: "You can’t trust code that you did not totally create yourself" Brand new hardware from the factory can be infected by malicious code as well Also open source software is constantly compromised example of […]

The post Webinar takeaway: Learn to Detect and Defend Against Supply Chain Attacks Before They Compromise Your Network appeared first on Jean-Christoph von Oertzen.

Webinar takeaway: Setting the Trap – Crafty Ways the Bad Guys Trick Your Users to Own Your Network

jean-christoph — Wed, 26 May 2021 19:23:04 +0000

My key takeaways Hafnium exploited the vulnerability shortly after M$ showed it in the MAP program group. Coincidence? A DC usually runs DNS, so easy to find for an attacker patch before the FBI will do it for you pretexting might be even more effective then phishing example: Teenager compromised Twitters god mode panel through […]

The post Webinar takeaway: Setting the Trap – Crafty Ways the Bad Guys Trick Your Users to Own Your Network appeared first on Jean-Christoph von Oertzen.

Webinar Takeaway: Why a Security Awareness Program Isn’t Enough to Secure Your Network

jean-christoph — Tue, 27 Apr 2021 18:25:53 +0000

My key takeaways Humans are the de-facto top choice for cybercriminals seeking to gain access into an organization. Security Awareness & frequent simulated social engineering testing is a proven method to reduce your organization’s phish prone percentage. The ideal situation for a cyber criminal or social engineer is to hijack the OODA loop by creating […]

The post Webinar Takeaway: Why a Security Awareness Program Isn’t Enough to Secure Your Network appeared first on Jean-Christoph von Oertzen.

WEBINAR TAKEAWAY: When the Bad Guys Hide in Plain Sight: Hacking Platforms You Know and Trust

jean-christoph — Wed, 09 Dec 2020 20:40:43 +0000

MY KEY TAKEAWAYS already 20 years ago, Kevin Mitnick testified before US Senate and highlighted social engineering and the need for training. Still today changing human behaviour is most times the weakest point. threat actors have almost unlimited time to do extensive research before an attack, so they are extremly good at buidling the trust […]

The post WEBINAR TAKEAWAY: When the Bad Guys Hide in Plain Sight: Hacking Platforms You Know and Trust appeared first on Jean-Christoph von Oertzen.