Social engineering is a powerful technique attackers can use to coerce human targets into exposing sensitive information. In this course, Troy Hunt and Lars Klint show common forms of social engineering, and how you can fight back.
Despite how robust computer security may be, there remains a serious threat within any system: the people using it. Social engineering is an enormously powerful technique which exploits human weaknesses such as greed, fear and even attributes we consider positive such as sympathy and generosity, in order to compromise security systems and give an attacker access to sensitive information. In this Play by Play, Troy and Lars discuss various techniques that adversaries use to coerce their targets into performing actions that they wouldn't normally do. These range from very simple techniques that even your kids use, to sophisticated human manipulation practices designed to compromise large scale systems.
Troy is a Software Architect, Microsoft MVP for Developer Security and ASPInsider. He's a regular conference speaker, frequent blogger at troyhunt.com and is the author of the OWASP Top 10 for .NET developers series and the free eBook of the same name.
Lars is an author, trainer, Microsoft MVP, community leader, authority on
all things Windows Platform, and part time crocodile wrangler. He is heavily
involved in the space of HoloLens and mixed reality, as well as a published
Pluralsight author, freelance solution architect, and writer for numerous
Hi, this is Troy Hunt, and in this play by play course you're going to see my good mate Lars Klint and I cover a heap of social engineering practices. You're probably already familiar with what social engineering is, even if you perhaps don't know it by that term. So, for example, if you see advertisements, you inevitably see social engineering. If you have kids like Lars and I, you probably see them attempt to socially engineer you many times over. We may not know it by that term, but both of those are great examples of psychological manipulation, which is what we're really talking about with social engineering.
You're probably also familiar with social engineering if you've ever received spam, particularly the kind that tends to come from Nigerian princes with large amounts of money that they want to exfiltrate with your help. They just need a few funds to get started. When it comes to social engineering in information systems, humans are the weak link, and social engineering attempts to exploit our flaws, flaws like greed and curiosity and even other attributes of our personalities that we'd normally consider to be very positive, so things like sympathy and courtesy. They're both behaviors that an adept social engineer is very good at exploiting.
Even the best protected systems can come undone when you put fallible humans into the mix, and often we become the weakest link. And in this play by play course you're going to see Lars and I take you through a number of different social engineering tricks which attackers have become very good at using in order to compromise both people and systems. We had a lot of fun creating this play by play course, and we hope you enjoy watching it.