

Archive for March, 2011

Microexpressions – A Key to Studying Human Behavior

Tuesday, March 29th, 2011

Since the launch of my book, Social Engineering: The Art of Human Hacking, a lot of people have been talking to me about chapter 5, which is all about microexpressions and non-verbal communication.

It is true that non-verbal communication is fascinating to understand, and for us as social engineers, I feel it is essential. Being able to decipher human emotions can change the way you communicate. Understanding what someone is saying, or even NOT saying, can make communication so much easier. Also, knowing how to control your own microexpressions is a vital key to portraying the proper message to those you are communicating with, or even your targets in a social engineering audit.

With that being said, I enjoy watching news clips looking for times where the non-verbals do not match what is being said. I feel this helps me better understand people and also is great practice in reading these non-verbal signals.

(more…)

Creepy Tools for Social Engineers and Information Gathering

Monday, March 28th, 2011

Geolocation has been a hot topic in the social engineering world for quite some time. As a social engineer it is important to be able to profile your targets efficiently. Tools like SET and Maltego make social engineering engagements easier.

Yet up until now there wasn’t a tool out there that helped a social engineer track the physical whereabouts of their targets. Of course you could go to their Twitter, Facebook, 4square and other social media accounts, gather all their messages, find posts that have geo data in them, and then take the time to gather all the details and make sense of them.

What if there was a way to retrieve information from Twitter as well as FourSquare? In addition, if you could then gather any geolocation data from flickr, twitpic.com, yfrog.com, img.ly, plixi.com, twitrpix.com, foleext.com, shozu.com, pickhur.com, moby.to, twitsnaps.com and twitgoo.com, would that be impressive?

Enter Mr. Yiannis Kakavas. Yiannis approached Social-Engineer.Org with a beta of a tool he calls Cree.py… and all I can say is creepy it is.

After a few minutes of installation it is up and running in BackTrack 4, Linux or Windows, and you can track any target’s geolocation from their tweets and social media.

(more…)

The Schmooze Strikes Back

Tuesday, March 22nd, 2011

Social-Engineer.Org’s mission has been to raise awareness for social engineering and the role it plays in targeted attacks against companies today.

As security technology advances, attackers are increasingly leveraging social engineering techniques in order to gain unauthorized access to global organizations and Fortune 500 companies.

In our continued efforts to raise awareness – Social-Engineer.org is proud to announce the Defcon 19 Social Engineering Capture the Flag (SECTF) 2: “The Schmooze Strikes Back”.  Using the lessons we learned from Defcon 18, we expect to once again set new standards for raising (more…)

Etsy – You Are What You Buy

Tuesday, March 15th, 2011

You would think after the past year’s scandals with Facebook, blippy, and other various social media snafus that the industry would start to get wise and be more careful about what personal information of their users they release online. This is a long-term problem, however. For instance, a couple of years ago Sophos did a research study that found over 41% of the people they surveyed easily and willingly shared personal info (emails, date of birth, address and phone number) with complete strangers online. There is no indication that things are getting better at this point.

As amazing as that is to most of us reading this, what happens if your information is shared and you aren’t the one who willingly shared it?

That’s the situation today with Etsy.com. On March 9th Etsy’s admins excitedly put a post on their website stating that they have a new “feature” that will allow others to search for users, buyers and sellers on their site.

Sounds innocent enough? Well, yes, until you find out that this search function now affects your personal data, as well as being cached in Google.
(more…)

Social Engineer The Book Reviewed on Slashdot

Wednesday, March 9th, 2011

Wow! What a humbling day today has been. Just a little bit ago I was linked to a review done by a gentleman named Ben Rothke. Ben wrote a really nice and very comprehensive review of the book on Slashdot. He broke it down chapter by chapter and really laid it all out there.

Thank you Ben!

The humbling was continued as our friends and supporters at BackTrack publicly congratulated us for being dubbed “The Official Social Engineering Book”.

All I can say is a truly heartfelt “Thank You”. Without this community, this would not have happened.

Till next time.



