Catch me, Yes we can! - Pwning Social Engineers Using Natural Language Processing Techniques in Email & Non-Email Attacks

Thursday, October 25, 2018

11:00 AM - 12:00 PM PDT

60 minutes, including Q&A

Pwning Social Engineers Using Natural Language Processing Techniques in Email & Non-Email Attacks by Ian Harris + Marcel Carlsson
Advanced Threat Protection by AJ Shipley

Social engineering is a big problem and little progress has been made in stopping it, aside from detection of email phishing. Attacks are launched via vectors in addition to email, e.g. phone, in-person and messaging. Detecting non-email attacks requires a content-based approach that analyzes the meaning of attack messages.

Our first presenters observe that attacks must either ask a question whose answer is private, or command victims to perform a forbidden action. Their approach uses natural language processing techniques to detect questions and commands in messages to determine if they are malicious.

Question answering (QA) approaches, a hot topic in information extraction, attempt to provide answers to factoid questions. Although the current state-of-the-art in QA is imperfect, they have found that even approximate answers are sufficient to determine the privacy of an answer. Their approach was tested on 187,000 emails. They discuss the false positives and false negatives and why this is not an issue in a system deployed for detecting non-email attacks. Demos will be shown.

Brought to you by:


Guest Speakers:

Ian G. Harris

Ian G. Harris

Vice Chair of Undergraduate Education in the Computer Science Department

University of California, Irvine

Professor Ian G. Harris is Vice Chair of Undergraduate Education in the Computer Science Department at the University of California, Irvine. His research involves computer security and design verification. Natural Language Processing (NLP) is a prominent theme in Professor Harris' work. He has presented his research at numerous academic conferences, as well as DEF CON and also The Social-Engineer Village at DEF CON.

Marcel Carlsson

Marcel Carlsson

Principal Security Consultant and Researcher


Marcel Carlsson is a principal security consultant and researcher at Lootcore. He performs advanced threat scenario-based adversary emulation, red teaming and research for international businesses and organizations. Marcel has presented at hacking conferences all around the world.

Sponsor Presenter:

AJ Shipley

AJ Shipley

VP Product Management


Business Email Compromise (BEC) is a type of advanced email attack that inherently relies on the use of identity deception and evades detection by avoiding the use of a detectable payload such as a URL or attachment. Often times these advanced attacks have very short message bodies that also make them hard to detect by emerging language processing engines. Attendees can expect to learn how to defend against these targeted email attack, learn measures that can be taken to strengthen security controls, and practical tips to disrupt the criminals and their fraud rings by presenter AJ Shipley, VP Product Management at Agari. With over 20 years of direct experience in the cyber security industry, AJ brings a wealth of knowledge and subject matter expertise spanning all aspects of information security. He is a Certified Information System Security Professional and has held product management, marketing, professional services, and engineering leadership roles at Cisco Systems, NetApp, Wind River Systems, and LookingGlass Cyber Solutions prior to joining Agari.

Sustaining Partners