![Page 1: Josh Pauli Associate Professor of Cyber Security Dakota State University (Madison, SD) 10 years and counting!](https://reader030.vdocument.in/reader030/viewer/2022032722/56649cda5503460f949a3b71/html5/thumbnails/1.jpg)
Cyber Security Landscape
![Page 2: Josh Pauli Associate Professor of Cyber Security Dakota State University (Madison, SD) 10 years and counting!](https://reader030.vdocument.in/reader030/viewer/2022032722/56649cda5503460f949a3b71/html5/thumbnails/2.jpg)
About me
Josh Pauli
Associate Professor of Cyber Security
Dakota State University (Madison, SD)
10 years and counting!
![Page 3: Josh Pauli Associate Professor of Cyber Security Dakota State University (Madison, SD) 10 years and counting!](https://reader030.vdocument.in/reader030/viewer/2022032722/56649cda5503460f949a3b71/html5/thumbnails/3.jpg)
About DSU’s Programs
We have 300+ students studying: Cyber Operations (Cyber Security)
Computer Science
![Page 4: Josh Pauli Associate Professor of Cyber Security Dakota State University (Madison, SD) 10 years and counting!](https://reader030.vdocument.in/reader030/viewer/2022032722/56649cda5503460f949a3b71/html5/thumbnails/4.jpg)
Cyber Operations
Largest degree on campus (170 / 1200)
Explosive growth in the last two years (55 in ‘11; 70 in ‘12)
Want the best and brightest regardless of computing history
A great mix of: Programming Networking Operating systems “hacking”! Ethics Critical thinking
![Page 5: Josh Pauli Associate Professor of Cyber Security Dakota State University (Madison, SD) 10 years and counting!](https://reader030.vdocument.in/reader030/viewer/2022032722/56649cda5503460f949a3b71/html5/thumbnails/5.jpg)
Cyber Corps
Full ride scholarships + attractive stipend
$35,000-40,000 per year including $20,000 stipend
Work for Gov’t agencies after graduation National Security Agency (NSA) Central Intelligence Agency (CIA) Space and Naval Warfare Systems
Command (SPAWAR)
![Page 6: Josh Pauli Associate Professor of Cyber Security Dakota State University (Madison, SD) 10 years and counting!](https://reader030.vdocument.in/reader030/viewer/2022032722/56649cda5503460f949a3b71/html5/thumbnails/6.jpg)
Center of Excellence in Cyber Operations
NSA wants the most technical cyber experts
DSU was selected as 1 of 4 in the entire nation Now 8 schools
Only public institution in the nation
Only program with dedicated Cyber Ops program in the nation
Only undergraduate program in the nation
![Page 7: Josh Pauli Associate Professor of Cyber Security Dakota State University (Madison, SD) 10 years and counting!](https://reader030.vdocument.in/reader030/viewer/2022032722/56649cda5503460f949a3b71/html5/thumbnails/7.jpg)
Cyber @ DSU
Best Cyber Operations curriculum in the nation
Cyber Corps scholarships to save over $100,000
Top Secret security clearance before graduation
Work on the top security projects in the world
25 years old: Undergrad & Graduate degrees in Cyber Operations Top Secret government security clearance 2-3 years of experience in a Federal agency Any job you ever want anywhere you want it
![Page 8: Josh Pauli Associate Professor of Cyber Security Dakota State University (Madison, SD) 10 years and counting!](https://reader030.vdocument.in/reader030/viewer/2022032722/56649cda5503460f949a3b71/html5/thumbnails/8.jpg)
Today’s Rundown
1. What’s technical social engineering (TSE)?
2. Timeline of hacking
3. AV is dead! Long live AV!
4. How to prevent TSE attack
5. TSE in penetration testing
6. Q & A
![Page 9: Josh Pauli Associate Professor of Cyber Security Dakota State University (Madison, SD) 10 years and counting!](https://reader030.vdocument.in/reader030/viewer/2022032722/56649cda5503460f949a3b71/html5/thumbnails/9.jpg)
What’s technical social engineering (TSE)?
![Page 10: Josh Pauli Associate Professor of Cyber Security Dakota State University (Madison, SD) 10 years and counting!](https://reader030.vdocument.in/reader030/viewer/2022032722/56649cda5503460f949a3b71/html5/thumbnails/10.jpg)
TSE != traditional social engineering
It’s NOT: Physical impersonation Pretext calling Dumpster diving
Still good stuff; just not what we’re talking about today!
![Page 11: Josh Pauli Associate Professor of Cyber Security Dakota State University (Madison, SD) 10 years and counting!](https://reader030.vdocument.in/reader030/viewer/2022032722/56649cda5503460f949a3b71/html5/thumbnails/11.jpg)
It is
Relying on people being: Gullible Greedy Dumb Naïve
And using technology own them!
![Page 12: Josh Pauli Associate Professor of Cyber Security Dakota State University (Madison, SD) 10 years and counting!](https://reader030.vdocument.in/reader030/viewer/2022032722/56649cda5503460f949a3b71/html5/thumbnails/12.jpg)
What’s this “owned” you speak of?Remote code execution
Administrative rights
Key loggers
<<insert juicy payload here>>
![Page 13: Josh Pauli Associate Professor of Cyber Security Dakota State University (Madison, SD) 10 years and counting!](https://reader030.vdocument.in/reader030/viewer/2022032722/56649cda5503460f949a3b71/html5/thumbnails/13.jpg)
We are actually pretty good at:Not clicking linksOpening filesVisiting websites
But it only takes 1 person!
This is why we can’t have nice things…
![Page 14: Josh Pauli Associate Professor of Cyber Security Dakota State University (Madison, SD) 10 years and counting!](https://reader030.vdocument.in/reader030/viewer/2022032722/56649cda5503460f949a3b71/html5/thumbnails/14.jpg)
Timeline of hacking
![Page 15: Josh Pauli Associate Professor of Cyber Security Dakota State University (Madison, SD) 10 years and counting!](https://reader030.vdocument.in/reader030/viewer/2022032722/56649cda5503460f949a3b71/html5/thumbnails/15.jpg)
That escalated quickly
![Page 16: Josh Pauli Associate Professor of Cyber Security Dakota State University (Madison, SD) 10 years and counting!](https://reader030.vdocument.in/reader030/viewer/2022032722/56649cda5503460f949a3b71/html5/thumbnails/16.jpg)
Future is now
![Page 17: Josh Pauli Associate Professor of Cyber Security Dakota State University (Madison, SD) 10 years and counting!](https://reader030.vdocument.in/reader030/viewer/2022032722/56649cda5503460f949a3b71/html5/thumbnails/17.jpg)
AV is dead! Long live AV!
![Page 18: Josh Pauli Associate Professor of Cyber Security Dakota State University (Madison, SD) 10 years and counting!](https://reader030.vdocument.in/reader030/viewer/2022032722/56649cda5503460f949a3b71/html5/thumbnails/18.jpg)
AV is good at what it does
But it’s not enough Just one “layer”
Signature-based = always behind
How AV vendors work (simplified) Why security researchers giggle at this
![Page 19: Josh Pauli Associate Professor of Cyber Security Dakota State University (Madison, SD) 10 years and counting!](https://reader030.vdocument.in/reader030/viewer/2022032722/56649cda5503460f949a3b71/html5/thumbnails/19.jpg)
How to prevent TSE attack
![Page 20: Josh Pauli Associate Professor of Cyber Security Dakota State University (Madison, SD) 10 years and counting!](https://reader030.vdocument.in/reader030/viewer/2022032722/56649cda5503460f949a3b71/html5/thumbnails/20.jpg)
In a word: You
And only you!
User Awareness Training Currently a raging debate in InfoSec
Fear v. education Punish v. reinforce
![Page 21: Josh Pauli Associate Professor of Cyber Security Dakota State University (Madison, SD) 10 years and counting!](https://reader030.vdocument.in/reader030/viewer/2022032722/56649cda5503460f949a3b71/html5/thumbnails/21.jpg)
TSE in penetration testing
![Page 22: Josh Pauli Associate Professor of Cyber Security Dakota State University (Madison, SD) 10 years and counting!](https://reader030.vdocument.in/reader030/viewer/2022032722/56649cda5503460f949a3b71/html5/thumbnails/22.jpg)
TSE is PT; PT is TSE!
“Check the box” v. “Get after it!”
TimingScopePriceSo this is red team? Who can actually do this?
![Page 23: Josh Pauli Associate Professor of Cyber Security Dakota State University (Madison, SD) 10 years and counting!](https://reader030.vdocument.in/reader030/viewer/2022032722/56649cda5503460f949a3b71/html5/thumbnails/23.jpg)
Q & A