Children Hacking Websites

As a parent of an 11-year-old boy, I always wonder what he’s going to get himself into (usually after reflecting on what I did when I was younger). I didn’t want him not to use technology, so I started him off with an iPod; then, when I got a new iPad, I gave him my old one. At first it was just for playing games and some music he liked, and he watched a few videos that we downloaded for him. Then…

Your Appliances Are On The Attack

Friday, October 21st was a rough day for many on the internet. This was the day a massive DDoS attack took place against Dyn DNS, taking sites like Twitter, Amazon, New York Times, and many others offline. The day that your appliances are on the attack. With our favorite social media tools down, OSINT was slim, so we had to find other ways to pass our time (thank you Candy Crush). You may be…

Vishing

At Social-Engineer, we define vishing as the practice of eliciting information or attempting to influence action via the telephone. Vishing, also known as voice phishing, is a dangerous attack vector. In fact, according to a recent report from the Federal Trade Commission (FTC), the phone is the top way that scammers reach us. And when scammers contact us by phone, they have a high success rate.…

Phishing

At Social-Engineer, we define phishing as the “practice of sending emails appearing to be from reputable sources with the goal of influencing or gaining personal information.” (Hadnagy, Fincher. Phishing Dark Waters: The Offensive and Defensive Sides of Malicious Emails. Wiley, 2015). Phishing is one of the biggest cybercrime threats facing organizations and individuals today. According to the…

Technical Methods of Information Gathering

There are a variety of technical methods for information gathering. Some methods require high-tech equipment and in other situations low-tech options will work. No one source of information is the leading method to use. Nor is one method likely to give you enough data for the compromise. When preparing for a penetration test, utilize multiple methods of gathering information and then synthesize…

Impersonation

At Social-Engineer, we define impersonation as the “practice of pretexting as another person with the goal of obtaining information or access to a person, company, or computer system.” Impersonation scams can be carried out via social media platforms, phone, or even email. However, in this Framework Page we are focusing on physical impersonation attacks with the intent to gain physical…

Danger: Dopamine Addiction

People like to be appreciated and know they are good at what they do. This goes for social engineering pentesters, too. We are contracted to think like the bad guys but are actually the good guys. This means we don’t post the details of a cool hack we found to get through a specific organization’s security over social media. Embarrassing a client is never good business! Despite the fact that SEs…

Winning the SECTF – DEF CON 22

As written by Stephanie Carruthers. The Social Engineering Capture The Flag (SECTF) is a competition that is held at DEF CON. The competition is comprised of two parts: an information gathering phase and a live call phase. A target company is randomly assigned and the information gathering stage begins with research of the company (by only using open-source intelligence and no physical contact)…