In the course of the last few years I launched a lot of different attacks in our company (60+ teammates) and with some of them, I had a success rate of 70%. From getting people’s Facebook accounts or access to their LastPass accounts to custom written malware.
The threat that anyone can steal your customer data is a potential killer of any (financial) company. Being suspicious and aware of all potential phishing attacks and other traps is a must.
In this talk we will look at the practical (dark) examples I have executed and why Python was the best language of choice. From social engineering (sophisticated phishing attacks), custom malware, dropping nasty USB drives on the street to technical/network attacks.
When you want to be really successful in doing social engineering you need to prepare the ultimate user experience. You can not make a mistake and you can not overlook little details (that usually happens if you develop your own apps/websites). Those little details make UX in your app/website awesome (if you are on the good side) but can be exploited pretty easily by the dark side.