July 2013 Newsletter 

Vol. 04 Issue 46  

In this issue

  • Telepresence Machines and Social Engineering
  • Social-Engineer News
  • Upcoming Classes
  • What's coming...
  • Social Engineering Penetration Tests

Social-Engineer News 

Are you excited about Defcon 21? Are you even more excited about the Social-Engineer Capture the Flag? Even more excited about the brand new Social-Engineer Village at Defcon 21??? Join us and welcome an amazing podcast guest and live show at the SECTF, Apollo Robbins!

This is going to be an AMAZING show and an AMAZING EVENT. The doors will be locked when the seats are full! Want more info the Defcon Schedule and Blog post is here .


    The team at Social-Engineer is really excited to announce our brand new service - The Social-Engineer Mastermind Group.  For more info click below:

    As a member of the newsletter you have the option to OPT-IN for special offers.  You can click here to do that.

    Check out the schedule of upcoming training on Social-Engineer.com


    Las Vegas, Black Hat July 2013

    Las Vegas, Sans Network Security, Sept 16-20, 2013

    We are limiting the number of attendees in each class to 22 and under, so first come first serve.

    • 5 days of ground breaking training (4 Days for Black Hat)
    • The Social Engineering Penetration Testing Course guide
    • Special tools to enhance your SE practice
    • A Chance to take the first ever Social Engineering Pentesting Certification
    • Lots more

    If you want to ensure your spot on the list register now - Classes are filling up fast and early!

    Do you like FREE Stuff?

    How about the first chapter of Chris Hadnagy's Best Selling Book:  Social Engineering: The Art of Human Hacking?

    If you do, you can register to get the first chapter completely free just go over to http://www.social-engineer.com to download now! 

    If you no longer want awesome social engineering information you can Unsubscribe from this Newsletter

    Check out the awesome music of Dual Core - IT geek, Rapper and all around awesome guy...

    To contribute your ideas or writing send an email to contribute@social-engineer.org

     What's coming up..

    If you want to listen to our past podcasts hit up our Podcasts Page and download the latest episodes.

    Want to say thank you to our sponsors this month

    - Spy Associates for continually giving us some awesome products to test out.

    - The EFF for supporting freedom of Speech

    A special thanks to our Editor:
    John 'J' Trinckes, Jr

    Check out Robin Dreeke's amazing book called "Its Not All About Me" packed with the top 10 techniques to building rapport fast. It is an awesome book!




    Can Sylvester Stallone Predict The Future?

    SYLVESTER STALLONE CAN PREDICT THE FUTURE!?!? Nope. But bear with us. For those of us who have seen Demolition Man, that awful 1993 sci-fi vehicle about a futuristic SoCal, you may remember a scene where the villain holds a meeting in which all attendees are represented by telepresence.


    Now while the original concept is old news in the face of video conferencing, there are even more interesting advances which mobilize the telepresence machines. This leads to the very real possibility that future environments will include people who are working remotely but able to interact in their surroundings and with co-workers in real time. What implications might this have for the social engineer? The bottom line is that we won’t truly know until we get there. But what we hope to do in today’s article is help you consider the SE applications in what is already a very interesting tech story.

    Think Like A Target

    Let’s think first from the perspective of the target. Depending on the capabilities of the telepresence robot, that individual may be very limited in their ability to perceive the qualities that make you, the social engineer, effective at what you do. What if your pretext depends on being anxious and sweaty, or having just spilled a cup of coffee on yourself? And if you had planned to use props, you may need to make some major adjustments in your approach to accommodate their limited ability to see and interact with you. One final thing to consider is that although the target is in a work environment, this person is likely telecommuting from home. What other possible distractions exist in that environment that you have no knowledge of and cannot control? What this also means is that you will likely be unable to use any of it to your advantage. If you were at someone’s desk, perhaps you could have used a picture of a vacation as an ice-breaker and validation; this avenue may be closed to you in this situation.

    And You, The Social Engineer

    The target will have a harder time reading you and/or responding to your pretext. That’s a problem. But it’s an even bigger problem from the vantage point of the SE. How does the situation affect your ability to read the target? Short answer: in just about every way imaginable. Since the majority of telepresence systems typically display just the face of the individual, this has the potential for greatly reducing your ability to read non-verbals and perhaps even microexpressions, depending on the resolution of the monitor and transmission delay. Is the target twisting their hands in anxiety, or steepling to assert dominance? Did you just miss a subtle indicator of facial empathy due to a glitch in video transmission? In addition, both the quality of the person’s microphone and the telepresence speakers may interfere with your ability to determine voice inflection.

    You will be forced to make judgments about a person’s openness, comfort levels, and general willingness to assist based on a flat monitor screen of their face and canned levels of built-in speakers.

    The final piece of the equation is what research tells us about influence. In 1961, psychologist Stanley Milgram conducted his infamous studies on obedience to authority figures (Milgram, S., (1963) Behavioral study of obedience. Journal of Abnormal and Social Psychology, 67 (4), 371-8.) In short, he found that the majority of individuals would comply with instructions to administer what they believed to be electrical shocks to another participant. What is most relevant to this discussion, however is this;

    Milgram ran several variations of his original study, and one of the conditions he found that greatly affected compliance was the proximity of the authority figure (Milgram, S., (1974) Obedience to Authority; An Experimental View. New York: HarperCollins.). People were much less likely to obey as the authority figure’s immediacy decreased. You see where we’re going with this, right? The very fact that you will not be able to physically occupy another individual’s space may affect your ability to influence them.

    The Triple Threat

    What we have here is a triple threat. A new technology that impacts the target, the SE, and the environment. Despite this, there is little doubt regarding a few points. One, people will rely on technology to protect them. Someone reading this may feel safe from an SE attack behind the comforting barrier of a telepresence robot. Two, attackers will find a way around it through technical and other means. Simply put, hackers have been around as long as there have been barriers to overcome and stuff to break and/or appropriate.

    In the best of all possible worlds, telepresence robots are an advancement that opens access to people of all abilities. But with any new “shiny, pretty”, this creates conditions that challenge us at SEORG to think in different ways about pros/cons, and how they may be exploited. Just as we can expect technology to advance, we will be pushed to find new and innovative ways to keep you safe. Until next time.

    Written by:  Michele "sn8kebyte" Fincher


    We want to thank the sponsors for the Defcon 21 SECTF





    As part of the newsletter group, you will be the first to receive special offers to services and products by Social-Engineer.Com.


    Also check out our friends at: