Penetration Testing mailing list archives

Re: Social Engineering Formal Methodology


From: "CT" <ct () arnet com ar>
Date: Thu, 7 Mar 2002 21:41:57 -0300

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

A formal methodology for conducting Social Engineering Assessments...
let's see.
It depends on the intellectual capacity (speaking and thinking
*during chat*) of the one that uses this skill... It is not very
formal, nor have I seen a text that details perfectly how to
apply it; this is implemented on the previous attack or during.
I have seen an interrogation manual of the Marine Corps... nice but old.
(Declassified papers)
Read some books on psychology, magic, charlatans of the fair, persons'
manipulation or something like that... (Varied literature, or the
tastes that the victim is interested in.)
S.E. can apply to secretaries, technical personnel, personnel of the
hierarchy or of the lowest level of the company, drivers, cleaning
personnel, relatives, friends, neighbors, enemies and many
more persons related to the target... a human or a company.
Competition, former associates and companions, the barber and anyone
else who gives him some service too.
Psychology, rhetoric and slang, maybe (sure) are good to learn for
every case, to be able to apply them with intelligence and
calmness... to obtain the necessary data to use in the final assault.

CT
www.heinekenteam.com 
Teaching the personnel of the companies and our friends is a good
beginning.
Sorry for my poor English. Best regards.

- ----- Original Message ----- 
From: "Ilici Ramirez" <ilici_ramirez () yahoo com>
To: <pen-test () securityfocus com>
Sent: Thursday, March 07, 2002 5:08 AM
Subject: Social Engineering Formal Methodology



Hi,

There are many resources available on the web about
Social Engineering (including NLP - my new hobby) -
you can find them on Google very quickly. But most of
them contain "what is SE", some examples and
references to other sites with the same stuff.

Anyway, as far as my research has gone, I could not
find any paper on A FORMAL METHODOLOGY for conducting
Social Engineering Assessments.

In any audit, if you do not follow a methodology you
cannot guarantee the quality of the work.

So, could anybody give us some advice?

Best Regards,
Ilici R

-----BEGIN PGP SIGNATURE-----
Version: PGPfreeware 7.0.3 for non-commercial use <http://www.pgp.com>

iQA/AwUBPIgI0vu26CT57WQrEQLuiwCbBFuUIzulaQLNwmRwfJi22wsdbmkAn1w6
2D3UvprIJe6HDBy0W/Frs53r
=Hd0d
-----END PGP SIGNATURE-----




----------------------------------------------------------------------------
This list is provided by the SecurityFocus Security Intelligence Alert (SIA)
Service. For more information on SecurityFocus' SIA service which
automatically alerts you to the latest security vulnerabilities please see:
https://alerts.securityfocus.com/
