Home page logo
/

pauldotcom logo PaulDotCom mailing list archives

Re: Presentation Advice
From: Jack Daniel <jackadaniel () gmail com>
Date: Wed, 8 Sep 2010 21:49:58 -0400

Non IT folks? Aim low.  That is not a shot at the audience, just that they
may not get the significance of everything you show, and they may not
understand the ease or difficulty of the attacks.  Simplify the message, and
repeat it.

Ask what the one thing is you want them to take away, and a couple of points
you would consider bonuses- and focus on those.

If you can get the demo to work, great- but the demo gods are vengeful, have
a backup plan and don't fumble around if it is clear the demo is going to
fail- move on.

Good luck, and good for stepping up to do the education, we all need to do
more of it.

Jack




On Wed, Sep 8, 2010 at 4:59 PM, Craig Freyman <craigfreyman () gmail com>wrote:

I'm giving a security presentation to a room full of non IT folks in a few
weeks. The point I want to drive home is that simply having AV and a
Firewall doesn't make you bulletproof. There is a big gap between what the
bad guys can do and what modern security apps can stop or catch. I think one
way to help bridge this gap would be to raise user awareness and to get
users thinking about security issues. I believe most users think that with
AV/Firewall and not clicking on links, they're safe.

I was planning on doing a live demo (crossing fingers) to make this point.
I will set up a rogue AP ("FreeWIFI Connect to ME!"), connect a client
machine and then demonstrate some MITM attacks. I'll also throw in some SET
to have some meterpreter fun. Password stealing, key logging, sound
recording etc... I know I cant get too technical and if I do, I'll loose the
group. I think this demo would get their attention but was wondering if
anyone has done this before and if so, what did you do?

_______________________________________________
Pauldotcom mailing list
Pauldotcom () mail pauldotcom com
http://mail.pauldotcom.com/cgi-bin/mailman/listinfo/pauldotcom
Main Web Site: http://pauldotcom.com




-- 
______________________________________
Jack Daniel, Reluctant CISSP
http://twitter.com/jack_daniel
http://www.linkedin.com/in/jackadaniel
http://blog.uncommonsensesecurity.com
_______________________________________________
Pauldotcom mailing list
Pauldotcom () mail pauldotcom com
http://mail.pauldotcom.com/cgi-bin/mailman/listinfo/pauldotcom
Main Web Site: http://pauldotcom.com

  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]
AlienVault