Penetration Testing mailing list archives
Re: Social Engineering Data set
From: qxlr () twmi rr com
Date: Fri, 20 Oct 2006 13:56:08 -0400
Today's "Social Engineers" operate in much the same way as their predecessors, those ne’er-do-wells referred to in times past as grifters or confidence men. They always have a clear cut objective, manipulation of other individuals and circumstances is the means by which they meet it, and thanks to the facelessness of 21st century communications, exposure of a high value target, a rarity in the past, is now a commodity from a virtually inexhaustible supply. I rely a great deal on intuition, both personal and professional experience, (I was a paralegal (torts) for ten years; married to an criminal defense attorney) and the general hinkiness factor of someone or something. I sort of use my own psychological profile, which is in no way scientifically sanctioned, but utilizes recognized behavioral patterns. xun dong wrote:
I think what you said is correct, that's why I decide to research social engineering properly. It is no doubt that Phishing and pharming should belong to the family of social engineering attacks. The most important thing for this data set is that: completeness (covers as wide range as possible). I feel that I must missed some thing and if more people contribute to it the more complete the data set will be. Thanks for all people gave me suggestions, I have so far got 32 different social engineering attacks. I am now process it and then I will publish them on Internet for the community to use. I will try to get it done ASAP. Robinson, Sonja wrote:Many attacks are of the social engineering type. In fact themostnotable are or have obtained much of their information by those techniques- mitnick, poulsen etc. When doing audits and security reviews, I employ socialengineering tosee what people 'fess up. It is truly amazing. I would look at your search criteria. It is easier to havepeoplegive the keys then steal them yourself. Technically phishing is social engineering. It is a manipulation of a user or otherparty to"give up" pertinent information so that you can gain access. Sothereis plenty of info. ------Original Message------ From: xun dong To: pen-test () securityfocus com To: security-basics () securityfocus com Sent: Oct 11, 2006 6:31 AM Subject: Social Engineering Data set Hello list; I am currently doing research on Social Engineering Attacks.Unlike thetechnical hack, I found that there is few useful and welldocumented SEattack examples on the Internet. So I decided to create a dataset forSE attacks, and I am willing to publish it for free on the
Internet.
However, I think only my own experience would not be able tomake thisdataset as comprehensive as possible. So I would like to ask forhelp onthis list. If you think you have SE attack examples, you canemail me.Of course for confidential reason you should not use the realname inyour example. If you don't mind I will also publish your namealong withthe example you provided. Thanks a lot in advance. I hope thiscould bea step forwards in protecting against SE attacks. -- Xun Dong Research Associate Department of Computer Science University of York
------------------------------------------------------------------------ This List Sponsored by: Cenzic Need to secure your web apps? Cenzic Hailstorm finds vulnerabilities fast. Click the link to buy it, try it or download Hailstorm for FREE. http://www.cenzic.com/products_services/download_hailstorm.php?camp=701600000008bOW ------------------------------------------------------------------------
Current thread:
- RE: Social Engineering Data set, (continued)
- RE: Social Engineering Data set Mustafa Yücelgen (Oct 12)
- Re[2]: Social Engineering Data set Matthew Leeds (Oct 12)
- Re: Social Engineering Data set xun dong (Oct 12)
- Re[2]: Social Engineering Data set Matthew Leeds (Oct 12)
- Re: Social Engineering Data set Lee Lawson (Oct 12)
- Re: Social Engineering Data set Frynge Customer Support (Oct 12)
- RE: Social Engineering Data set Thomas W Shinder (Oct 12)
- RE: Social Engineering Data set Craig Wright (Oct 12)
- Re: Social Engineering Data set xun dong (Oct 12)
- Re: Social Engineering Data set Magdelin Tey (Oct 13)
- Re: Social Engineering Data set xun dong (Oct 12)
- Re: Social Engineering Data set qxlr (Oct 20)
- RE: Social Engineering Data set Mustafa Yücelgen (Oct 12)