144: Rachel

150 snips

Apr 2, 2024

Rachel Tobac, a social engineer and founder of Social Proof Security, shares her fascinating journey from aspiring spy to cybersecurity innovator. She discusses her experiences in social engineering at DEF CON, revealing how she used charm and tactics to extract sensitive information. The conversation also touches on the ethical dilemmas of voice cloning technology and its implications. Additionally, Tobac and Daniel Miessler dive into the rising threats in cybersecurity and the importance of awareness in navigating these challenges.

Ask episode

AI Snips

Chapters

Transcript

Episode notes

ANECDOTE

The Stock Scam

A scammer called Rachel Tobac in college, correctly predicting stock prices three times in a row.
This was a manipulation tactic to gain her trust before attempting to scam her.

ANECDOTE

DEF CON Inspiration

Rachel Tobac's husband introduced her to social engineering at DEF CON.
She competed in the social engineering contest three times, placing second each time, and this launched her career.

ANECDOTE

Bank Account Takeover

Rachel, hired by a bank for a penetration test, successfully took over fake customer accounts.
She bypassed security by providing fake identification documents when challenged for multi-factor authentication.

Get the Snipd Podcast app to discover more snips from this episode

Get the app

Rachel Tobac is a social engineer. In this episode we hear how she got started doing this and a few stories of how she hacked people and places using her voice and charm.

Learn more about Rachel by following her on Twitter https://twitter.com/RachelTobac or by visiting https://www.socialproofsecurity.com/

Daniel Miessler also chimes in to talk about AI. Find out more about him at https://danielmiessler.com/.

Sponsors

Support for this show comes from Varonis. Do you wonder what your company’s ransomware blast radius is? Varonis does a free cyber resilience assessment that tells you how many important files a compromised user could steal, whether anything would beep if they did, and a whole lot more. They actually do all the work – show you where your data is too open, if anyone is using it, and what you can lock down before attackers get inside. They also can detect behavior that looks like ransomware and stop it automatically. To learn more visit www.varonis.com/darknet.

Support for this show comes from Axonius. The Axonius solution correlates asset data from your existing IT and security solutions to provide an always up-to-date inventory of all devices, users, cloud instances, and SaaS apps, so you can easily identify coverage gaps and automate response actions. Axonius gives IT and security teams the confidence to control complexity by mitigating threats, navigating risk, decreasing incidents, and informing business-level strategy — all while eliminating manual, repetitive tasks. Visit axonius.com/darknet to learn more and try it free.

Support for this show comes from ThreatLocker®. ThreatLocker® is a Zero Trust Endpoint Protection Platform that strengthens your infrastructure from the ground up. With ThreatLocker® Allowlisting and Ringfencing™, you gain a more secure approach to blocking exploits of known and unknown vulnerabilities. ThreatLocker® provides Zero Trust control at the kernel level that enables you to allow everything you need and block everything else, including ransomware! Learn more at www.threatlocker.com.