144: Rachel

2024/4/2
Darknet Diaries

People
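Jack Rhysider
Rachel Tobac
Social engineering expert and security consultant, focused on raising awareness of social engineering attacks and improving defenses against them.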
Topics
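Jack Rhysider: This episode covers the experiences of social engineering expert Rachel Tobac and how she uses social engineering and AI techniques in penetration tests, exposing vulnerabilities and risks in cybersecurity. Through an analysis of several cases, it shows the techniques and the harm of social engineering attacks, as well as the use of AI in cybercrime.

Rachel Tobac: I shared my experience at the DEF CON hacker conference, and how I successfully penetration tested banks and tech companies through social engineering and helped them improve their security measures. I also demonstrated how AI voice cloning can be used in social engineering attacks, and how to obtain internal company information by posing as a journalist and as a job applicant.

Daniel Miessler: I analyzed the use of AI in cybersecurity and proposed using cryptography to verify identity and the source of information, to counter the risks posed by AI face-swapping and voice cloning.

Rachel Tobac: My experience competing in the social engineering competition at the DEF CON hacker conference, and how I use social engineering and AI techniques in penetration tests and help clients improve their security measures. I shared several cases, such as how to gain access to a bank account through phone number spoofing and voice cloning, and how to obtain internal company information by posing as a journalist and as a job applicant. I also stressed the importance of multi-factor authentication, and how improving internal communication and training can reduce security risk.

I used AI voice cloning to successfully trick a member of the 60 Minutes team into giving up a passport number, which illustrates the use of AI in cybercrime, as well as our dependence on AI technology.

I recommend that companies pay attention to what their employees post on social media platforms such as LinkedIn, because attackers may make use of that information.

Daniel Miessler: The development of AI face-swapping and voice cloning challenges traditional methods of identity verification. We need new techniques to address these risks, such as using cryptography to verify identity and the source of information. This requires a multi-layered security system that includes both technical measures and staff training.

In the future, we need to pay more attention to the security of digital identity and develop new techniques to meet the challenges AI brings. We need a safer and more reliable network environment to protect individuals and organizations from cybercrime.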

Chapters
This chapter recounts a story of a college student who was scammed by an individual who accurately predicted stock prices. The scammer used a clever mathematical trick to appear exceptionally skilled, highlighting the deceptive nature of some online schemes.
  • A scammer tricked a college student by appearing to accurately predict stock prices three times in a row.
  • The scammer used a statistical trick involving multiple people to create the illusion of accuracy.
  • The story highlights the deceptive nature of online scams.

Shownotes

Rachel Tobac is a social engineer. In this episode we hear how she got started doing this and a few stories of how she hacked people and places using her voice and charm.

Learn more about Rachel by following her on Twitter https://twitter.com/RachelTobac or by visiting https://www.socialproofsecurity.com/

Daniel Miessler also chimes in to talk about AI. Find out more about him at https://danielmiessler.com/.

Sponsors

Support for this show comes from Varonis. Do you wonder what your company’s ransomware blast radius is? Varonis does a free cyber resilience assessment that tells you how many important files a compromised user could steal, whether anything would beep if they did, and a whole lot more. They actually do all the work – show you where your data is too open, if anyone is using it, and what you can lock down before attackers get inside. They also can detect behavior that looks like ransomware and stop it automatically. To learn more visit www.varonis.com/darknet.

Support for this show comes from Axonius. The Axonius solution correlates asset data from your existing IT and security solutions to provide an always up-to-date inventory of all devices, users, cloud instances, and SaaS apps, so you can easily identify coverage gaps and automate response actions. Axonius gives IT and security teams the confidence to control complexity by mitigating threats, navigating risk, decreasing incidents, and informing business-level strategy — all while eliminating manual, repetitive tasks. Visit axonius.com/darknet to learn more and try it free.

Support for this show comes from ThreatLocker®. ThreatLocker® is a Zero Trust Endpoint Protection Platform that strengthens your infrastructure from the ground up. With ThreatLocker® Allowlisting and Ringfencing™, you gain a more secure approach to blocking exploits of known and unknown vulnerabilities. ThreatLocker® provides Zero Trust control at the kernel level that enables you to allow everything you need and block everything else, including ransomware! Learn more at www.threatlocker.com.