Mauro Verderosa

Getting under the skin: The Social Engineering techniques

What is the one security vulnerability that can't be patched? The human. Learn the psychological tricks attackers use to bypass your best defenses.

Getting under the skin: The Social Engineering techniques
#1about 7 minutes

The 1978 heist that pioneered social engineering

Stanley Mark Rifkin exploited procedural manuals and used pretexting to steal millions from a bank without any technical hacking.

#2about 3 minutes

Understanding the five main motivations for cybercrime

Cyber attacks are driven by distinct goals, including financial gain, business competition, political influence, ideology, or simple curiosity.

#3about 5 minutes

What social engineering is and its real-world impact

Social engineering is the psychological manipulation of people to divulge information, as seen in major breaches at companies like RSA and Sony.

#4about 7 minutes

An overview of common social engineering attack techniques

Attackers use various methods like pretexting, phishing, baiting, and tailgating to trick victims into compromising security.

#5about 2 minutes

Psychological triggers that make social engineering effective

Attacks succeed by exploiting human emotions and cognitive biases such as authority, guilt, panic, desire, and greed.

#6about 4 minutes

Deconstructing real-world phishing and vishing attacks

A simple phishing email is analyzed for pressure tactics, followed by a vishing example where an attacker impersonates a spouse to gain account access.

#7about 5 minutes

Understanding the complete social engineering attack lifecycle

A successful attack follows distinct phases, from initial reconnaissance and scanning to lateral movement, data exfiltration, and finally covering tracks.

#8about 6 minutes

A step-by-step case study from Mr. Robot

An elaborate attack demonstrates how gathering small, public details from social media and real-world observation leads to a full account compromise.

#9about 5 minutes

Key takeaways and defenses against social engineering

The most effective defense against social engineering is continuous employee training and fostering a security-aware culture to patch the human vulnerability.

Related jobs
Jobs that call for the skills explored in this talk.

Matching moments

Demonstrating deepfake attacks and social engineering
03:11 MIN

Demonstrating deepfake attacks and social engineering

The AI Elections: How Technology Could Shape Public Sentiment

A social engineering attack using a personal email
03:16 MIN

A social engineering attack using a personal email

Don't Be A Naive Developer: How To Avoid Basic Cybersecurity Mistakes

Q&A on social engineering and a career in security
27:22 MIN

Q&A on social engineering and a career in security

Stranger Danger: Your Java Attack Surface Just Got Bigger

How to recognize and avoid sophisticated phishing attacks
06:42 MIN

How to recognize and avoid sophisticated phishing attacks

WeAreDevelopers LIVE - Markdown, Liquid and Checkouts

Why developers make basic cybersecurity mistakes
02:26 MIN

Why developers make basic cybersecurity mistakes

Don't Be A Naive Developer: How To Avoid Basic Cybersecurity Mistakes

Why attackers use prompt injection techniques
05:38 MIN

Why attackers use prompt injection techniques

Manipulating The Machine: Prompt Injections And Counter Measures

How attackers use AI to refactor exploits
04:40 MIN

How attackers use AI to refactor exploits

The AI Security Survival Guide: Practical Advice for Stressed-Out Developers

Q&A: Career advice for aspiring security professionals
08:18 MIN

Q&A: Career advice for aspiring security professionals

Walking into the era of Supply Chain Risks

Featured Partners

Related Videos

See all videos
The attacker's footprint
2:08:06

The attacker's footprint

Antonio de Mello & Amine Abed

You can’t hack what you can’t see
29:34

You can’t hack what you can’t see

Reto Kaeser

Cyber Security: Small, and Large!
37:32

Cyber Security: Small, and Large!

Martin Schmiedecker

How to Cause (or Prevent) a Massive Data Breach- Secure Coding and IDOR
40:38

How to Cause (or Prevent) a Massive Data Breach- Secure Coding and IDOR

Anna Bacher

Skynet wants your Passwords! The Role of AI in Automating Social Engineering
31:19

Skynet wants your Passwords! The Role of AI in Automating Social Engineering

Wolfgang Ettlinger & Alexander Hurbean

Cracking the Code: Decoding Anti-Bot Systems!
57:47

Cracking the Code: Decoding Anti-Bot Systems!

Fabien Vauchelles

Typed Security: Preventing Vulnerabilities By Design
58:19

Typed Security: Preventing Vulnerabilities By Design

Michael Koppmann

Security Pitfalls for Software Engineers
27:32

Security Pitfalls for Software Engineers

Jasmin Azemović

Related Articles

View all articles
Chris Heilmann
Dev Digest 138 - Are you secure about this?
Hello there! This is the 2nd "out of the can" edition of 3 as I am on vacation in Greece eating lovely things on the beach. So, fewer news, but lots of great resources. Many around the topic of security. Enjoy! News and ArticlesGoogle Pixel phones t...
Dev Digest 138 - Are you secure about this?
Daniel Cranney
Dev Digest 214: Claude Is Leaking, GitHub Is Listening & Axios Hacked!
Inside last week’s Dev Digest 214 . 🕵️ Claude source code leaked, analysed and re-written in 2 days 🐙 GitHub auto-opts users into feeding their code to train their AI 🌐 Pretext shows how to show complex text rendering in the browser 🤖 How to securin...
Dev Digest 214: Claude Is Leaking, GitHub Is Listening & Axios Hacked!

From learning to earning

Jobs that call for the skills explored in this talk.

Cyber Security Engineer

Cyber Security Engineer

JLA Resourcing Ltd
Twickenham, United Kingdom

£182-195K
Linux
DevOps
Network Security
Agile Methodologies