Penetration Testing mailing list archives
RE: Social Engineering ... ?
From: "mthompson" <mthompson () brinkster com>
Date: Tue, 23 Nov 2004 10:58:37 -0500
Hello group, The best way to do it is contact your local con artist and ask them questions. Social Engineering is like playing a musical instrument. You have to know what strings to pluck in order to hear good sounding music. Yes you can dumpster dive and things of that nature but the real essence of social engineering is how good of an actor you are. If you were a kid who used to make prank calls and with in the first 20 seconds started laughing, then that is going to be your weakness when you call a help desk. Because of the word social it brings a whole new element to the game verse the latter half Engineering which we are all comfortable with. You cannot engineer a person into giving up info but you can be social you can. Mike -----Original Message----- From: Marco Ivaldi [mailto:raptor () 0xdeadbeef info] Sent: Tuesday, November 23, 2004 3:12 AM To: pen-test () securityfocus com Subject: Re: Social Engineering ... ?
I am trying to find some good resources for social engineering methodologies and such performed as part of pen-test work.
OSSTMM's Section B (Process Security) is a good start, though the version currently on-line needs to be expanded a bit: http://www.osstmm.org/ A very interesting source of social engineering examples is the book "The Art of Deception: Controlling the Human Element of Security", by Kevin Mitnick, William Simon, and Steve Wozniak. SecurityFocus and PacketStorm also host some articles on this subject: http://www.securityfocus.com/infocus/1527 http://www.securityfocus.com/infocus/1533 http://www.securityfocus.com/guest/5044 http://packetstormsecurity.nl/docs/social-engineering/ Finally, for italian speakers: http://blackhats.it/en/papers/social_engineering.pdf Hope it helps. Cheers, -- Marco Ivaldi Antifork Research, Inc. http://0xdeadbeef.info/ 3B05 C9C5 A2DE C3D7 4233 0394 EF85 2008 DBFD B707
Attachment:
smime.p7s
Description:
Current thread:
- Social Engineering ... ? Bones (Nov 22)
- RE: Social Engineering ... ? Rob Shein (Nov 23)
- Re: Social Engineering ... ? richardw (Nov 24)
- Re: Social Engineering ... ? Jay D. Dyson (Nov 23)
- RE: Social Engineering ... ? dave kleiman (Nov 24)
- Re: Social Engineering ... ? ctg (Nov 24)
- RE: [in] Social Engineering ... ? Curt Purdy (Nov 24)
- <Possible follow-ups>
- Re: Social Engineering ... ? Marco Ivaldi (Nov 23)
- Re: Social Engineering ... ? David Hodges (Nov 23)
- RE: Social Engineering ... ? mthompson (Nov 25)
- RE: Social Engineering ... ? Keith T. Morgan (Nov 26)
- Re: Social Engineering ... ? webmaster (Nov 27)
- RE: Social Engineering ... ? Rob Shein (Nov 23)