OWASP Atlanta - Social Engineering: Technical Controls for Emotionless Defense

User awareness training will never prevent 100% of social engineering attacks. However, consistent and reliable technical controls drastically reduce an organization’s risk and make it harder for malicious actors to launch successful attacks.

This talk describes social engineering from the perspectives of an attacker and a defender. The presentation will cover techniques designed to help organizations develop an ideal incident response plan crafted specifically for social engineering attacks. It will explain technical controls that are designed to inhibit attackers, as well as procedures that allow an incident response team to quickly identify successful attacks and eradicate their presence.

Bishop Fox conducted new research into the state of email spoofing defenses and identified organizations that are most commonly targeted for brand spoofing. This research will show that 99.9% of the top million domains are vulnerable to email spoofing and will provide recommendations for avoiding attacks.

This presentation covers attacks and defenses for dangerous social engineering activities, including:
• Email spoofing
• Domain hijacks
• Typo-squatting
• Client-side attacks
• Watering hole attacks

Security Analyst Alex DeFreese and Senior Security Analyst Candis Orr present at this month's OWASP Atlanta Chapter Meeting: Social Engineering: Technical Controls for Emotionless Defense.