We unleashed Drew “n3farious” Perry again last week at the annual ITC “Safe & Secure” conference in London. He demonstrated “live” for a select audience, techniques he uses in real-world red team engagements to compromise human targets and large buildings with social engineering and phishing.
Using open source intelligence techniques, he showed the dangers of password reuse, how much company data is available on the open web, and how malicious actors or competitors can use this data during reconnaissance stages of an attack.
Ron Moultrie, Former Operations Director US National Security Agency, also gave an excellent talk about his experience in the hot seat while the NSA faced an unprecedented issue in 2013 and reinforced the exact reasons why clicking on links is bad and how insider threats can exploit human trust.
In our private meeting space, we demonstrated multiple real-world style threats and attacks that are faced every day:
- The dangers of password reuse and how 3rd party compromise can leave your company credentials exposed
- Live scanning of AWS Amazon S3 buckets to discover leaks and sensitive company data
- How to compromise an unpatched endpoint with Word Documents (Macro-less DDE Exploit) via Phishing
- Demonstration of bug/listening devices and why bug sweeps are important
If you would like your own personal demo of Phishing, Open Source Intelligence, AWS S3 Bucket Exposure, or Social Engineering get in touch!