SECTF4Kids – Back for DEF CON 23

Prepare your family, as it’s just about time for SEORG and the SEVillage at DEF CON to start accepting registrants for the #SECTF4Kids competition, to be held Saturday, August 8th at DEF CON 23. Last year’s competition kept the kids and their parents busy almost the whole day. We can’t tell you how rewarding it was to have the kids work so diligently to finish all the activities and puzzles. Even though a winning team had already finished, other teams were having so much fun that they pushed on in order to complete the competition. It made the hours and hours (and hours!) we put into designing the thing worth it!

Social Engineering the Classroom

There are those who loved school and those who, like Ferris Bueller, loved getting out of school. You really can’t get much more classic SE than Ferris Bueller’s Day Off, but where the movie focused on the power of manipulation and rapport to escape, SEORG is getting more and more reports of students focused on

What comes after the huffing and puffing?

In the midst of all the recent articles about information breaches, a trend is emerging. We seem to be hearing more lately that prevention of breaches, while not to be ignored, should not be the sole focus of digital or physical security programs. More news articles, tweets from the infosec community, and even commercial products

Implicit Bias – Chances Are, You Have One

Here’s an oldie but goodie. A man and his son are in a serious car accident and both are taken to the emergency room, unconscious. The boy is wheeled immediately into surgery. The surgeon takes one look at him and says, “I can’t operate on this child, he’s my son.” Who is the surgeon?

Let’s Go Vishing

Vishing, or eliciting information over the phone, is a common social attack vector. It’s proven to be one of the most successful methods of gaining information needed to breach an organization, even when used by an inexperienced attacker. When you can’t hack your way through your pentest, when you can’t break in with your red-team,