Who is the Deadliest Social Engineer? Defcon 21 SECTF

Are you ready for DEF CON 21? Just when you thought it couldn’t get any better, the Social-Engineer Capture the Flag (SECTF) is getting better and badder this year.

To keep this interesting, we decided to pit the ladies against the men once again. Last year, we heard some war cries that the ladies didn’t do as well as they wanted and need VENGEANCE!!! So paint your faces blue, grab your claymores and prepare for another epic Battle of the SExes – SE STYLE in this year’s “Who is the Deadliest Social Engineer – Men vs Women II”.

(more…)

The Secret To Chinese Hackers Success

It seems that it is hard to turn on the news without hearing another report about Chinese Hackers. According to some reports, the Chinese have shown time and time again that they are a force to be reckoned with when it comes to cyber warfare. Recent investigations have shown that, perhaps, the Chinese Army is even responsible for many government and corporate secrets being siphoned from U.S. networks.

Mandiant, a cyber security research firm, released a 60-page document last month which details the rampant hacking against U.S. companies from just one group of Chinese hackers in operation since 2006. Their report states that “hackers have stolen hundreds of terabytes of data, including technology blueprints, proprietary manufacturing processes, business plans and partnership agreements.” Dan McWhorter, head of Mandiant’s Threat Intelligence Business Unit said, “They’ve compromised over 141 corporations across 20 different industries and stolen just a wealth of intellectual property…” (more…)

Real Life and the Application of Social Engineering Part VI

Everything must come to an end, and this story is no different. I would like to take the time again to thank Chris “loganWHD” Hadnagy for getting me to open up and tell this story and Jay Trinckes for putting a spit polish on my crude words. Now, on to the story…

After the frame job, I transferred to another bar at a nearby Post where the manager was a friend. The new bar had a lot bigger slot machine section. I again had the keys to the door, the combo to the safe (this time, with $180k in small non-sequential bills at all times), and access to the video surveillance system controls/hard drives. While I was at this bar, we became the #1 grossing facility in the world for M.W.R. (Morale Welfare and Recreation). Our annual budget was $15.8 million in slot revenue and we had just expanded with an annex a month before I left. I was mostly the one that counted, sorted, wrapped, and deposited all that money. Some slot drops (say, the ones after a holiday) were so large that I would be counting a quarter of a million dollars that day. (You will never know that kind of temptation, my friends.) (more…)

“High Profile” Xbox Live Accounts Hacked

The Verge is reporting that hackers are targeting and have successfully compromised the Xbox Live accounts of high profile Microsoft employees past and present. It appears that the social engineering attack was accomplished using a technique called chaining or stringing, or as we call it, a multi-tiered social engineering attack. A multi-tiered social engineering attack works like this:

 

  1. Attacker has [xyz] info
  2. Attacker uses [xyz] to socially engineer Company A into giving [abc] info
  3. Attacker uses [abc] to socially engineer Company B into giving [mno] info
  4. Attacker uses [xyz], [abc], and [mno] info to gain access to account in Company C

(more…)

Holy Fakery! Social Engineering The Vatican

In a crazy story that we just had to report on… an Australian man dressed in an all-too-short cassock and a fake cross, and using a scarf as a purple sash, managed to sneak past the Swiss Guards and into the Vatican.

He was photographed shaking hands with a Cardinal in the cobblestone square left of the basilica. He told guards he was “Basilius” of the Italian Orthodox Church and that he was the founder of the “Corpus Dei” order. None of these things even exist, but were believable enough to get past the guards.

Before being caught he hosted a couple interviews where he gave his fake “credentials” and then stated for the cameras that he was there to talk about how the church made serious mistakes in the way they handled the pedophile scandal.

When he was finally caught, one dead giveaway being his fedora hat instead of the normal skullcap of the cardinals, he was escorted outside and booted to the curb.

(more…)


