How to bypass million dollar cyber security solutions - War Stories of a Social Engineer
2023-11-04 , TRACK 2

How to bypass million dollar cyber security solutions - War Stories of a Social Engineer It feels like in cyber security these days, we're all about spending the big bucks to buy the latest next gen firewall, or the best EDR (Endpoint Detection and Response) solution, or the newest Web Application Firewall because someone in compliance said it was required for an audit. As a result, it feels like we're missing the most crucial part of our cyber security defences, the human. This talk is a collection of war stories of how I was able to bypass all the expensive cyber security solutions, using social engineering techniques and targeting the humans/employees. Each story highlights the weakness, and demonstrates why technical products and solutions shouldn't be the be all and end all of protecting the business. Showing problems and weaknesses without offering advice isn't much use, so the last section of talk is dedicated to helpful suggestions and sharing experiences of what's worked in the past, and what hasn't.

Chris has worked in a range of industries, most notable of which are Critical National Infrastructure (CNI), and leading edge design and manufacturing (Dyson). Doing so has given Chris a very varied array of knowledge, from penetration testing robot vacuum cleaners, to designing and testing secure ICS/OT networks. During Chris’ time at Dyson, he was involved in developing the global security team and performing internal penetration testing. Chris was also heavily involved with securing the design of Dyson’s current and future internet connected appliances, and corresponding smartphone applications. Chris is an Adversarial Engineer (aka penetration tester) at Lares which involves him acting and thinking like a genuine attacker to compromise client networks. Chris’ skill set also includes Social Engineering, and he has successfully gained access into CNI, Airports and Casinos, which are regarded are some of the most secure facilities in the industry. Chris has been lucky enough to have spoken at DefCon twice, and many different BSides' across the country.