Let’s Go Vishing


Vishing, or eliciting information over the phone, is a common social attack vector. It’s proven to be one of the most successful methods of gaining information needed to breach an organization, even when used by an inexperienced attacker. When you can’t hack your way through your pentest, when you can’t break in with your red-team, […]

Post-Cyber Monday survival


Congratulations! You survived Black Friday and Cyber Monday (personally, I’m holding out for “Free Cookies Friday”), but what now? You could sit back and enjoy your spoils of war, ahem, I mean shopping, or you could start a new tradition: Post-Cyber-Monday checklist. Sounds exciting, doesn’t it? Maybe it’s not up there with “Free Cookie Friday” […]

Danger: Dopamine Addiction


People like to be appreciated and know they are good at what they do. This goes for social engineering pentesters, too. We are contracted to think like the bad guys but are actually the good guys. This means we don’t post the details of a cool hack we found to get through a specific organization’s […]

Be The Change – Education, is it working?


An article from Dark Reading came out earlier this month that is still getting a lot of traction in the news. What’s the big band wagon that everyone is scrambling to jump on? It’s simple. Train employees on social engineering tactics. The article points out that more than half of security professionals say that social […]

Winning the SECTF – DEF CON 22


As written by Stephanie Carruthers The Social Engineering Capture The Flag (SECTF) is a competition that is held at DEF CON. The competition is comprised of two parts, an information gathering phase and live call phase. A target company is randomly assigned and the information gathering stage begins with research of the company (by only using […]

Celebrity Hacking – Was iCloud the culprit?


It seems like you can’t turn on the news right now and see the story about the celeb’s getting hacked.  Chris was even asked to speak about it with Fox Business Network. There are a lot of sensational reports about how this “hack” occurred, but lets just sit and think for a minute.  In the […]

What the SECTF4Kids is All About


If someone had told me 4 years ago when I was sitting in my office thinking up ways to make kids cry what this little competition would have turned into, I would not have believed them. But there I sat trying to figure out how to teach kids that social engineering skills can be used […]