Fake It Till You Make It: Impersonation Attacks Ranging from Funny to Terrifying

People lie. It’s a fact of life. Recently at my 10-year reunion, I overheard people say they worked in everything from medicine to engineering, when I knew that these people worked in a big box retail store occasionally moving shelves and stocking meds. My wife lies to me every time I get excited about watching Star Wars, saying she is excited too and I’m totally not a nerd. Ok, that’s a lie… she…

SMiShing

At Social-Engineer, we define SMiShing as “the act of using mobile phone text messages, SMS (Short Message Service), to lure victims into immediate action. This action may include downloading mobile malware, visiting a malicious website, or calling a fraudulent phone number.” The word SMiShing comes from combining SMS, the technology behind texting, with phishing, the practice of stealing…

Attack Vectors

What are attack vectors? They are the methods that adversaries use to breach or infiltrate networks. Malicious actors use a variety of attack vectors to compromise the security of individuals and organizations. However, within this section we will outline the following four main categories: Phishing: Pronounced just like fishing, phishing is the “practice of sending emails appearing to be from…

DEF CON 25 SECTF Rules and Registration

READ ALL OF THIS PAGE (that means every word on this page) BEFORE PROCEEDING – THE RULES ARE IMPORTANT! Synopsis: This truly unique event will challenge you and test your abilities to use social engineering skills to gather small amounts of data from unsuspecting companies over the phone. Each contestant will be assigned a target company. Each contestant will be provided with flags, a sample…

Implicit Bias – Chances Are, You Have One

Here’s an oldie but a goodie. A man and his son are in a serious car accident and both are taken to the emergency room, unconscious. The boy is wheeled immediately into surgery. The surgeon takes one look at him and says, “I can’t operate on this child, he’s my son.” Who is the surgeon? When you decide on the answer, either congratulate yourself smugly or slap yourself on the forehead and…

Be The Change – Education, is it working?

An article from Dark Reading came out earlier this month that is still getting a lot of traction in the news. What’s the big bandwagon that everyone is scrambling to jump on? It’s simple. Train employees on social engineering tactics. The article points out that more than half of security professionals say that social engineering tactics work so well because employees are not educated enough to…

Victory Nonverbal

Social engineers and psychologists may specialize in recognizing nonverbal cues, but they have never won a Super Bowl with their skills. Richard Sherman and the Seattle Seahawks secondary did exactly that. By decoding some of the hand signals Peyton Manning used in Super Bowl XLVIII to communicate with his receivers, the Seahawks gained an advantage over the Broncos' offense. Sherman admitted he…

Maltego

Maltego is an open source intelligence and forensics application. Some consider Maltego an open source intelligence (OSINT) tool. It offers an interface for mining and gathering of information in an easy-to-understand format. Coupled with its graphing libraries, Maltego allows you to identify key relationships between information and identify previously unknown relationships between them. What…