Level Up Your SE Game - An Intro to Basic Psychology, Track 1

In 2018 at Bsides London, I presented The Basics of Social Engineering. That talk purposefully stayed away from psychology because I wanted to start with the absolute basics first.

6 years later, we're ready to level up your SE game with basic psychology.

The talk will cover:
Miller's Law
How to make an entrance
Body Language And Behaviour
Reciprocation
Friendship Signals
Isopraxism
A fun and engaging talk, with some funny war stories and real life examples from experience thrown in.


The talk will cover:

We start simply with an introduction to Miller's Law, which explains cognitive limitations and suggests that the average human can hold roughly 7 plus or minus 2 objects in memory. I'll use this "law" to demonstrate how we can visually clone an ID badge and why it doesn't need to be perfect.

How to make an entrance:
Being somewhere you likely shouldn’t be means controlling your emotions and your physical body state. I’ll talk about cloning a previous state, like how you feel when you walk into your local pub, and how to mirror that state when you walk into somewhere you shouldn’t be. Plus some details on how to act confident even if you aren’t.

Body Language And Behaviour:
This is a complex area, so I've kept it simple and approachable for everyone. I'll make some recommendations for the top 10 body language signs, but also cover the bare minimum that I look for, so as to keep things simple whilst under a lot of pressure trying to get into places.

Reciprocation:
This is the practice of exchanging things with others for mutual benefit. In our situation, reciprocation is a useful tool that can be used in various ways.

Friendship Signals:
There are 3 basic friendship signals that we display when meeting people for the first time. I'll break these down, and talk about why you might not want to give off friendship signals.

Isopraxism:
Sounds difficult, but it's just the technical term for mirroring. I'll give examples, including physical and verbal mirroring.

All these techniques are helpful not only in physical SE and phishing, but also in everyday life.

Overall, a fun and engaging talk, with some funny war stories and real life examples taken from experience thrown in.

Chris has worked in a range of industries, the most notable of which are Critical National Infrastructure (CNI), and leading edge design and manufacturing (Dyson).

Doing so has given Chris a very varied array of knowledge, from penetration testing robot vacuum cleaners, to designing and testing secure ICS/OT networks.

During Chris’ time at Dyson, he was involved in developing the global security team and performing internal penetration testing. Chris was also heavily involved with securing the design of Dyson’s current and future internet connected appliances, and corresponding smartphone applications.

Chris is a Red Team Lead at Accenture, which involves him acting and thinking like a genuine attacker to compromise client networks.

Chris’ skill set also includes Social Engineering, and he has successfully gained access into CNI, Airports and Casinos, which are regarded as some of the most secure facilities in the industry.

Chris has been lucky enough to have spoken at DefCon twice (Social Engineering 101 & How to hack an oil rig), and many different BSides across the country.