Surove Strasti

E095 – Christopher Hadnagy – Chief human hacker

Hrvatski: Christopher Hadnagy je jedan od pionira socijalnog inženjeringa – skupa metoda i alata koji su razvijeni specifično da potaknu ljude da naprave nešto što inače ne bi, bilo u dobre ili loše svrhe. Specifično, ovo područje je nastalo iz računalne (informatičke) sigurnosti, gdje su rani hakeri kao Christopher iskorištavali nove mogućnosti u komunikaciji elektroničkim sredstvima, te povjerenje i nesnalaženje u istima od strane korisnika, da bi dolazili do inače povjerljivih informacija ili lokacija. Kasnije se ovo područje razvilo u cjel0kupan set usluga i alata koji se u pozitivne svrhe koristi kada korporacije žele testirati koliko su otporne na napade koji uključuju iskorištavenje njihovih djelatnika. Christopher je kreirao prvu zaokruženu edukaciju o ovome, autor je knjiga Social-Engineering: The Art of Human HackingUnmasking the Social Engineer: The Human Element of SecurityPhishing Dark Waters, te Social Engineering: The Science of Human Hacking. S gostom ove epizode je razgovarao Saša dok je polazio upravo opisanu edukaciju u SAD-u.

English: Christopher Hadnagy is one of social engineering pioneers. This is a set of methods and tools developed specifically to induce people into doing an action they otherwise wouldn’t – for better or for worse. Specifically, this field is an offshoot of IT security, where early hackers such as Christopher have exploited new opportunities in electronic communications technologies, the combination of users’ trust and confusion with them, to gain access to confidential information and locations. Social engineering has later been developed into a comprehensive set of services and tools which are being used by the good guys when corporations wish to test their resilience to security attacks which involve exploiting their workforce. Christopher is the creator of the first all-around training course on the subject, and has authored several books: Social-Engineering: The Art of Human HackingUnmasking the Social Engineer: The Human Element of SecurityPhishing Dark Waters, te Social Engineering: The Science of Human Hacking. This interview was conducted by Sascha while attending the Advanced Practical Social Engineering Training course with Christopher in Orlando, Florida.

Teme razgovora:

  • 00:45 – Saša: Chris likes me!
  • 01:15 – Chris is a famous name in social engineering
  • 02:00 – When did the term ‘social engineering’ come to you
  • 03:20 – I have a specific set of skills…
  • 05:00 – ‘Well… I’ll run your business for you!’
  • 07:30 – A weird path led me to figure out what my skills are
  • 08:20 – I get bored really fast. When there is no more challenge or opportunity to learn – I’m done.
  • 10:51 – Everything is learnable if you have the right motivation and a right teacher
  • 12:30 – Little goals in conversations with people in everyday life
  • 13:25 – Is social engineering good or bad?
  • 14:30 – I focus my business on influence
  • 16:30 – Where does the term ‘social engineering’ come from?
  • 17:30 – Emotions disables the rational centres – and this is when I try to make an influence
  • 19:00 – Access the network through the building and through the people
  • 20:45 – It feels good when you change someone’s perception and they feel good and proud about it
  • 22:15 – Experiences with writing books
  • 24:30 – There is always going to be people that love you and there is always going to be people that hate you – interact with both and take most out of it
  • 27:00 – Someone does something amazing even though they are nervous with it every time
  • 28:50 – If I find people falling for phishing emails, the company must agree in advance not to fire them
  • 30:30 – It’s better to praise the good ones and train the bad ones than it is to shame the bad ones and do nothing for the good ones
  • 31:30 – There must be ethics in social engineering
  • 33:30 – We build relationships with our clients
  • 34:00 – What are the traits of a fantastic social engineer?
  • 35:30 – What are the qualities you can work on to be a better social engineer?
  • 36:15 – Critical thinking is more important than intelligence
  • 37:10 – Critical thinking requires empathy
  • 38:50 – Failure is an opportunity to learn
  • 39:45 – Humility, humbleness and honesty – recipe for when you mess up
  • 41:15 – Is it easier to be a social engineer if you are a pyschopath?
  • 44:00 – What is your biggest fear?
  • 45:30 – If we mess up – we own it
  • 46:15 – In five years looking back to today what would you regret?
  • 47:20 – What is your personal mission?
  • 48:30 – Would you change your profession?
  • 50:00 – What is the direction you would like to expand your company?
  • 50:50 – If you had power to take one book and put it in your hands 20 years ago…

Christopher preporuča:

PREPORUKE ZA LAKŠE I UGODNIJE SLUŠANJE PODCASTA

*Epizoda podcasta snimljena je na radiju 808.

Majstor zvuka: Gordan Antić

Suradnik na blogu: Mario Mucalo