Social Engineering - The Devil is in the Details

IMG_0179.JPG

 

Who AM I?

Zurich, August 10 - 2017

Most of us know what Social Engineering is, having read for example Kevin Mitnick's books, or working for an information security company which regularly reminds the staff on how to avoid attacks. Unfortunately, some of us may have even learned what Social Engineering is after having been victims of Social Engineering techniques.

Ivano Somaini, on the contrary, made Social Engineering his profession but in a legally and ethically correct way. On August 10., in the premises of the Impact Hub in Zurich, Ivano gave us a short but exciting insight in his daily work. Ivano is Regional Manager Bern of Compass Security Schweiz AG, an IT security firm specialized among others in testing "devices, networks, services, and applications for vulnerabilities" (see https://www.compass-security.com/en/); the penetration tests carried out by Ivano instead have the purpose to "test the behavior and processes"  of whole organizations. He uses Social Engineering techniques to attack companies by order of such companies, which want to test how vulnerable they are.

During a lively presentation (content can be retrieved from https://www.compass-security.com/fileadmin/Datein/Research/Praesentationen/beer-talk_social_engineering_the_devil_is_in_the-detail_03-15_jona_bern.pdf), Ivano gave us some theoretical background on Social Engineering, but even more interesting has been the description of real cases of penetration attacks he carried out. Ivano answered many questions from interested old and new Swissintell members; after the presentation, the discussion continued as he joined us for drinks (and tasty finger food, too!). A huge thank to Ivano Somaini and all participants for a successful event!