This is an informal meetup of Western New York information security practitioners for conversation and knowledge sharing. Whether you're a student with an interest in the field, a CISO with decades of experience, or somewhere in between, we all have new things to learn and new frontiers to conquer. All are welcome!
Given the current public health crisis, the meetup is going to be virtual this month.
RSVP for access to the Discord server invitation link.
Our speaker this month is Bruce Potter, CISO of Expel and founder of The Shmoo Group, presenting "The Art of Elicitation".
There’s a long, storied history around social engineering your way to success. Getting users to give up passwords, create accounts, and generally do things they’re not supposed to do is part of our collective hacker history.
But what about when the user is supposed to give you the details? If you’re on a pen test or part of a blue team assessment, interviewing users, developers, and administrators is an important information-gathering process. However, unlike straight-up social engineering, there’s not a lot of art out there on how to conduct successful interviews. Eliciting useful information can help you uncover badness and vulnerabilities faster. Using the right techniques can make the difference between an hour-long architecture review where you get no new information and a short discussion where a user points you directly at all the weak points in a system.
This talk will examine the art of elicitation, including the history of elicitation as a concept, understanding elicitation techniques, tips to guide you to getting the information you want, and examples of good and bad elicitation techniques.