The second day of the International Cyber Expo began with a fascinating talk from Rob Shapland, ethical hacking expert and Head of Awareness at Falanx Cyber.
Shapland began his talk describing his role as an ethical hacker, followed by an explanation of his talent for breaking into buildings. From dressing up in convincing work attire to mapping out a way to physically break into a company’s office, Shapland uses every trick in the book. All to prove his ability to bypass network security controls.
Drawing on previous experiences, Shapland regaled his audience with the story of the time he was asked to steal a vaccine design from a pharmaceutical company. His objective? Getting inside the computer network to steal the vaccine design, stored on a computer not connected to the internet. Without being caught, of course.
The first step of the mission was planning, starting with Open Source Intelligence Gathering (OSIG), the operation of conducting extensive company background research. Shapland explained:
“If you’re looking to break into a company the first thing you need to do is find out Who are they? Where are they based? What do they do? What’s their social media presence like? So, I start with their website, I’ll then look at the corporate and social media pages (Facebook, Instagram, Twitter).”
His research revealed an active company social media account, 25 internet facing computers, a website, an O365 suite and at least 100 employees identified via LinkedIn. This gave him the idea to perform a potential phishing attack using the employee’s email addresses as ammunition. Shapland then went on to explain how to effectively guess a work email address:
“Taking the names from LinkedIn, it isn’t difficult to convert to their email addre ..
Support the originator by clicking the read the rest link below.
