What damage does social engineering really cause anyway?


Sometimes in the tech field, we can get so caught up in “what’s new” that we lose sight of the importance of “what’s practical.” The coolest new digital hacks are interesting, but when it comes to information security, longevity and popularity of attacks relevant to your industry are what awareness campaigns are built on. The massive amount of financial damage caused by social engineering attack vectors is hard to grasp because there is no before-and-after image of a bank vault being emptied. The lack of tangible, easy-to-see stacks of money to show the various types of loss generated from such attacks (loss of confidence, loss of market share, cost of litigation, etc.) makes it easier to focus on the flashy news headlines without understanding the sheer size of the damage caused by SE tactics.

Implicit Bias – Chances Are, You Have One


Here’s an oldie but goodie. A man and his son are in a serious car accident and both are taken to the emergency room, unconscious. The boy is wheeled immediately into surgery. The surgeon takes one look at him and says, “I can’t operate on this child, he’s my son.” Who is the surgeon?

Let’s Go Vishing


Vishing, or eliciting information over the phone, is a common social attack vector. It’s proven to be one of the most successful methods of gaining information needed to breach an organization, even when used by an inexperienced attacker. When you can’t hack your way through your pentest, when you can’t break in with your red-team,

Post-Cyber Monday survival


Congratulations! You survived Black Friday and Cyber Monday (personally, I’m holding out for “Free Cookies Friday”), but what now? You could sit back and enjoy your spoils of war, ahem, I mean shopping, or you could start a new tradition: Post-Cyber-Monday checklist. Sounds exciting, doesn’t it? Maybe it’s not up there with “Free Cookie Friday”

Danger: Dopamine Addiction


People like to be appreciated and know they are good at what they do. This goes for social engineering pentesters, too. We are contracted to think like the bad guys but are actually the good guys. This means we don’t post the details of a cool hack we found to get through a specific organization’s



As sophisticated, targeted attacks become increasingly prevalent, today’s organizations are being challenged, now more than ever. In an effort to shed light on the nature of these types of attacks, Social-Engineer hosts an annual Social Engineering Capture the Flag (SECTF) competition at the DEF CON hacking conference in Las Vegas. At this conference the security elite

DerbyCon 4.0 – Family Rootz


“This is DerbyCon” were the final words echoed in a very emotional closing video that David Kennedy put together for the ending of the DerbyCon 4.0 Conference. It’s a con… why would it affect anyone so strongly? Don’t we all just go to these things to see new hacks, spend some quality time with beer

The Social-Engineer Polygraph Challenge


Lots of questions have been coming in regarding our DerbyCon contest to be held at our Social-Engineer, Inc. sponsor booth. So let me take a few moments to answer the questions and outline the competition. We wanted to have something fun, challenging and also unique. Chris reached out to the National Institute of Polygraph Examiners and

DerbyCon 4.0 & Social-Engineer


Social-Engineer is on the road again! This time you’ll see our friendly faces popping up in Louisville, KY at DerbyCon, 24-28 September. In true SEORG style, we’ll be hitting the ground at 150 mph leaving secret decoder rings and lock picks in our wake. You’ll have plenty of chances to say hello to Chris and meet