Cold reading is a technique to make others believe that you have psychic powers. After reading everything I could find on cold reading, I ran a two-day experiment during the Veracode Hackathon, where I gave psychic readings to colleagues whom I didn’t know personally. Each participant filled in a survey at the end of the reading, and gave me a short video statement about the experience.

In this talk, I introduce the concept of cold reading, my experiments, and recommendations for using cold reading techniques in social engineering. I’ll walk through the setup of the experiment, which included setting the scene through props, gauging the “sitter’s” level of experience and openness to psychic readings, and then the various techniques I applied. These included using statements rather than questions, rainbow ruses based on reading social cues, and playing with probabilities. The talk includes video testimonials and survey results to show the effectiveness of the techniques in the experiment.

We’ll then switch to applying cold reading to social engineering. We’ll cover how props help build your authority if you introduce them in the right way. Using statements rather than questions demonstrates that you are an insider who knows the company or situation well, which builds rapport fast. Gauging whether a target is tech-savvy helps you tailor your attack. Researching frequently used hardware and software (the probability game) and using these in statements can further build your authority. We’ll learn how fortune tellers are never wrong, and how to build justifications so you are always right. Doing OSINT research on your target will help your hit rate, which is what psychics call a warm reading. Before going into questions we’ll cover the following week’s winning numbers for MegaMillions.

Chris Kirsch: @chris_kirsch
Chris Kirsch (@chris_kirsch) has always had a passion for security, but bad life choices led him to a career in marketing – for many DEF CON attendees just one step above a rose seller. He has enjoyed working product marketing jobs at PGP Corporation, nCipher, Rapid7 and now Veracode. Born in Germany, he has lived in Switzerland, the United Kingdom, and now the United States. In 2017, Chris received a DEF CON black badge for the Social Engineering CTF by shamelessly taking advantage of nice, trusting people at a Fortune 500 gaming company. Chris is currently looking for an internship with a fortune teller to advance his career.
