Chris Kirsch - Psychic Cold Reading Techniques - DEF CON 27 Social Engineering Village

  • Published 21 Sep 2024
  • Cold reading is a technique to make others believe that you have psychic powers. After reading everything I could find on cold reading, I ran a two-day experiment during the Veracode Hackathon, where I gave psychic readings to colleagues whom I didn’t know personally. Each participant filled in a survey at the end of the reading, and gave me a short video statement about the experience.
    In this talk, I introduce the concept of cold reading, my experiments, and recommendations for using cold reading techniques in social engineering. I’ll walk through the setup of the experiment, which included setting the scene through props, gauging the “sitter’s” level of experience and openness to psychic readings, and then various techniques I applied. These included using statements rather than questions, rainbow ruses based on reading social cues, and playing with probabilities. The talk includes video testimonials and survey results to show the effectiveness of the techniques in the experiment.
    We’ll then switch to applying cold reading to social engineering. We’ll cover how props help build your authority if you introduce them in the right way. Using statements rather than questions demonstrates that you are an insider and know the company or situation well, which builds rapport fast. Gauging whether a target is tech savvy helps you tailor your attack. Researching frequently used hardware and software (probability game) and using these in statements can further build your authority. We’ll learn how fortune tellers are never wrong, and how to build justifications so you are always right. Doing OSINT research on your target will help your hit rate, which is what psychics call a warm reading. Before going into questions we’ll cover the following week’s winning numbers for MegaMillions.
    Chris Kirsch: @chris_kirsch
    Chris Kirsch (@chris_kirsch) has always had a passion for security, but bad life choices led him to a career in marketing - for many DEF CON attendees just one step above a rose seller. He has enjoyed working product marketing jobs at PGP Corporation, nCipher, Rapid7 and now Veracode. Born in Germany, he has lived in Switzerland, the United Kingdom, and now the United States. In 2017, Chris received a DEF CON black badge for the Social Engineering CTF by shamelessly taking advantage of nice, trusting people at a Fortune 500 gaming company. Chris is currently looking for an internship with a fortune teller to advance his career.

COMMENTS • 12

  • @OZMus 4 years ago +5

    As for microexpressions - I have practiced with this and recognized when others have been less than truthful or expressed emotions they were otherwise attempting to hide. Flushed face/skin first indication. Arching brows, dimple in the cheek from clenched jaw, perspiration from anxiety which is generally induced by the yin and yang effect you mention here. Also body language is key. Shaking the leg, legs together or closed, arms to the side in open posture or stiff and folded, etc. People put weight into crossed legs but I often consider crossed legs as a posture for professionalism as well. Tight forehead and wide eyes can be misconstrued as shock when it could be excitement or elation. Shift glance to the left or right construed as a lie but may be an indication of memory seeking. Posture under pressure also takes different forms. Social engineers are excellent and clever penetration testers.

    • @OZMus 4 years ago

      @c ball yep, showing your insecurity and testing mine loud and clear.

  • @legion162 4 years ago +14

    Derren Brown did a personality reading on a group of students "highly" detailed, 90+ percent accurate, group all swapped readings and were blown away when they realised that they were all exactly the same.
    Can't find it on UA-cam though ☹️☹️☹️

    • @twrlflierp 4 years ago +4

      ua-cam.com/video/si2HoscBLIw/v-deo.html

    • @legion162 4 years ago +3

      @@twrlflierp not available in my country due to copyright ☹️☹️☹️☹️
      VPN (Australia) suddenly available 👍👍👍👍
      That would be why I couldn't find it. Thanks very much for the link, saw it on TV ages ago, happy to be able to watch it again 👍👍👍

    • @abhishekpatil5768 1 year ago

      @@legion162 hey can u share the link again

    • @legion162 1 year ago

      @@abhishekpatil5768
      This is one of the ones that he did. Hopefully it works in your country
      m.ua-cam.com/video/I6uj1ruTmGQ/v-deo.html

    • @StevesMagic 5 months ago

      It's in his book, trick of the mind.

  • @duckman12569 4 years ago +3

    Fascinating topic

  • @OZMus 4 years ago +1

    I don't actually read like this as I view tarot more in a flexible spiritual way. But interesting fake out. I still suspend judgment on the subject of belief as it is a useful tool for creating and modifying. Magick and tarot, combined with psychology, are highly useful skillsets and I believe tarot can be a therapy. Truly after reading Jung's collected essays Psychology and the Occult - it's a useful build! Reading it, you recognize that he probably took a similar approach to occult theory and experience as a social engineer.

  • @PaulMcMinotaur 2 years ago

    What he's doing strikes me as being a bit like practicing the guitar, then giving a performance on the instrument, then saying "I don't believe guitarists are real".

    • @defnlife1683 10 months ago +1

      I don’t get the analogy. What he's saying is that psychics and mentalists purport to do these things thanks to some secret magical power, but in reality they’re just using social engineering.
      He’s showing people that you can play people like guitars, following the structure of patterns in the instrument (brain, 12 notes), not magic.