Profile picture
, 8 tweets, 6 min read
I’m super excited for this talk by @ChristinaLekati about social engineering through social media at #Hacktivity2019 !
Social engineering isn’t all about charm and luck — it involves a strategy & a plan, always.

You gather everything you can about the org, identify the best target based on ROI (highest reward + lowest risk of detection), then craft a story to approach them.

- @ChristinaLekati
Facebook scams were the #1 way to breach networks according to a Cisco report in 2017.

Hence, SOCMINT is becoming such a popular strategy — it helps tailor their operations & also people are shy to report “emotional compromise”
Case study by @ChristinaLekati in her #Hacktivity2019 talk: Mia Ash, used by “Cobalt Gypsy”

They first tried PupyRAT via phishing, but that didn’t work. So they created the fake person Mia Ash to establish relationships with targets (yes Mia was pretty hot)
Attackers will look at your personal brand — how you present yourself, if you excude insecurities, etc.
@ChristinaLekati

For any future attackers: my personal brand is fluffy kittens, unlimited crispy bacon, resting bitch face & intellectualism as a coping mechanism
This is @ChristinaLekati ‘s profiling matrix (unfortunately it isn’t showing up well in this pic). It includes self image, social life, & professional life combined with personality, interests, wants, & vulnerabilities.

#Hacktivity2019
Personality traits are used to build rapport. Interests / wants are the “hooks.” Vulnerabilities can be used when likability doesn’t work.

We like people who are like us, so social engineers will present themselves like you.
@ChristinaLekati #Hacktivity2019
Security culture matters, though I would argue someone trying to be nice by reviewing an Excel file shouldn’t cause your organization to crumble. Anticipate that people want to be helpful & will download crazy shit

A great talk by @ChristinaLekati at #Hacktivity2019 !
Missing some Tweet in this thread? You can try to force a refresh.

Enjoying this thread?

Keep Current with Skellyton Shortridge ☠️

Profile picture

Stay in touch and get notified when new unrolls are available from this author!

Read all threads

This Thread may be Removed Anytime!

Twitter may remove this content at anytime, convert it as a PDF, save and print for later use!

Try unrolling a thread yourself!

how to unroll video

1) Follow Thread Reader App on Twitter so you can easily mention us!

2) Go to a Twitter thread (series of Tweets by the same owner) and mention us with a keyword "unroll" @threadreaderapp unroll

You can practice here first or read more on our help page!

Related hashtags

#Hacktivity2019

More from @swagitda_ see all

Profile picture
Kelly Shortridge
@swagitda_
TIL F500 firms won 41% of R&D awards in 1971, but only 6% in 2006. In general, despite increases in science, we aren’t seeing increases in productivity.

This paper explores why, & I’m gonna highlight some interesting things from it in this thread: nber.org/chapters/c1425…

1/14
First, if you wanted a history of corporate labs, this paper is your nerding-out haven.

Turns out antitrust policy mid-century discouraged M&A & led corporations to focus on internal R&D for innovation (vs acquiring it). Maybe renewed antitrust focus will bring them back?

2/14
Another key aspect of the science =/= productivity shift is that universities focus on research, while corporations focus on dev.

This specialization makes it harder to “translate” research findings into practical solutions.

3/14
Read 14 tweets
Profile picture
Kelly Shortridge
@swagitda_
@snare @IanColdwater I am so glad to be your token (former) i-banker contact ✨

unfortunately my former i-banker stock advice is limited to those who have adorable dogs named Seymour, but my general advice is:
* choose a company you think will exist in 10 years
* buy stock
* hold 10 years
@snare @IanColdwater Do not think you can “hack” the equity markets... you can’t, & people with many millions of $$$ will always do it better.

Don’t put all your net worth in one stock. Don’t panic when markets dip, so only invest an amount that won’t screw you. Wait to sell as long as you can.
@snare @IanColdwater Probably most reading this are tech-savvy, & will roughly know what is “sticky” at tech companies. Don’t try to learn the ins & outs of like, biotech.

As a starter, just buy a cheap S&P 500 ETF & keep your horizon to 5 years — it is unlikely it will not go up (esp @ 10 years)
Read 4 tweets
Profile picture
Kelly Shortridge
@swagitda_
Super pumped for this panel about detecting attacks at scale w/ @jessfraz @argvee @mhil1 @BradMaio
SecOps hierarchy of needs was created in the 1970s, as pointed out by @argvee, & we’re constantly rethinking how to do detection. She thinks we’re in the early days of this current 5 year detection cycle — this time, catalyst is the cloud
“In 2050 when data centers are running on Mars (😂), we’ll have data readily available to make decisions, & humans won’t be needed to make those decisions — the systems will defend themselves” - @argvee
Read 21 tweets

Related threads

Profile picture
Lenny Rachitsky 👋
@lennysan
Five ways to level up as a PM outside of the office:

1. Read, with a goal
2. Read, without a goal
3. Write
4. Meditate
5. Learn new skills that you are pulled towards

Thread 👇
1/ Read, with a goal: Determine 2-3 skills you most want to develop (strategy? execution? leadership?), pick a set of books and articles that speak to these skills, and work through them. Here’s a curated set of reads I've previously put together.
lennyrachitsky.com/p/how-to-get-i…
2/ Read, without a goal: Not all things need to be goal-oriented. Make time to read stuff you’re super excited about even if it’s only tangentially related. Here’s a story about how @bchesky's reading of Walt Disney’s biography changed Airbnb's strategy.
fastcompany.com/3002813/how-sn…
Read 7 tweets
Profile picture
M.
@Musa_Doo
I’m going to repurpose & re-retweet @MomentsWithBren ‘s scholarship & remote work opportunities, along with teaching abroad positions until you apply & go abroad! your 2019 must & will obey! this is for new & old tweeps, unfollow if you’re tired. We want success only! Go shine🙏🏾
I’m not here to play with ya’ll. Here we are positive, we engage, collaborate whether you’re from western/southern africa or beyond. we are going to be proactive, we are going to go through threads & read. think critically before asking silly questions & just apply, period! 😬🙏🏾
Please before you harass me, let me make it clear. I work almost 12 -13 hours daily Monday to Friday. I will assist only once you’ve done your part! Do not ask me how do I apply? When you have not clicked on the job link/read the job spec! I am 7 hours ahead of CAT /African time.
Read 17 tweets
Profile picture
Sibel Edmonds
@sibeledmonds
Urging Calm Amidst Hysteria On #Turkey #Syria- 1- Without explicit green-light from #USA it will be a very limited (for show) maneuver; 2- This is being used here in #Turkey for temporary political gain (uniting the opposition with current admin); 3- #Russia also has put limits
Take in the macro picture (Forest instead of the trees): A major offensive by #Turkey is opposed by: #USA #Syria #Russia & #Iran. Only a brief limited muscle-flexing show is allowed. #GeopoliticalTheater
Here it is #Turkey “Still Preparing”. For the last 5 days, 1 minute they say “we are going in shortly, as in the next 24 hrs”, the next minute “we are preparing” or “we are waiting for XYZ ...”. The written on stone “Sep 30” deadline in #Syria expired 9 days and 11 hrs ago.
Read 85 tweets
Profile picture
dominik.dev 🐼 #SIGNALConf @twilio
@DKundel
Super excited to finally talk about it 😊 @philnash @stefanjudis & I worked the last weeks on the Serverless Toolkit that allows you to more seamlessly develop and deploy @twilio Functions 🎉

github.com/twilio-labs/se…
You can use it via the brand new @twilio CLI:
```
npm i -g twilio-cli
twilio plugins:install @twilio-labs/plugin-serverless
twilio serverless --help
```
#SIGNALConf

github.com/twilio-labs/pl…
You can use it as a standalone tool:

```
npm init twilio-function my-project
cd my-project
npx twilio-run deploy
```

github.com/twilio-labs/tw…

#SIGNALConf
Read 5 tweets
Profile picture
Julia Serano
@JuliaSerano
I think the real reason why Jessie Singal is freaking out about this is that, once the government eradicates trans people, he won't have anything to write about anymore... : (
...but in all seriousness, Singal has written article after fearmongering article depicting trans activists as anti-science bullies who overreact to everything. he has helped pave the way for this...
...he acts shocked at this news, while at the same time he's been working on a pro-Zucker follow-up article & a book thrashing gender-affirming healthcare. he doesn't make a connection between the two, because it's all abstract to him. his life is never on the line...
Read 5 tweets

Trending hashtags

#CongressPakistanUnited #LokSabha #Bengal #Nehru #voted #Putin #AayegaToModiHi #makeAmericagreatagain #Netflix #naijabrand #LokSabhaElections #entrepreneur #madhyapradesh #shopping #VijayiBharat #misplacedconfidence #BharatKeVeer #opendara #MakkalNeedhiMaiam #samjhautaexpress #WhyModiAgain #VoterFraud #Erdogan #savesabarimala #IndiaSaysNaMoAgain
Follow Us on Twitter!

Did Thread Reader help you today?

Support us! We are indie developers!

This site is made by just three indie developers on a laptop doing marketing, support and development! Read more about the story.

Become a Premium Member ($3.00/month or $30.00/year) and get exclusive features!

Become Premium

Too expensive? Make a small donation by buying us coffee ($5) or help with server cost ($10)

Donate via Paypal Become our Patreon

Thank you for your support!