Tim Roberts and I had a great discussion with Patrick from the social engineering-focused Layer 8 Conference. Not long ago, I made a post on Twitter asking which topics, tools, techniques others might like to have me write a blog post about. There were some great responses, such as “what do you do when you’re … More Layer 8 Social Engineering Conference – Podcast
Who’s Your Hacker interviewed Tim and I regarding social engineering, penetration testing, red teaming, surveillance, and much more. There were great questions, and some great insight to what we do. 🙂 Thanks for having us on!
Thanks to Low Voltage Nation for inviting me to be on another fun podcast!This one was in my office, where I focused on a handful of tools utilized for covert entry, wireless surveillance, social engineering, and a few more. You’ll hear me refer to other videos that demonstrate that particular tool being used. To save … More Covert Entry Closet – Podcast
Thanks to Kilo23 Group for the interview with Tim and I! We covered quite a bit during this regarding covert entry tools, social engineering techniques, COVID-19 effects of the job, Tiger King, and much more.
Thanks to Blake and Low Voltage Nation for hosting Tim and I for a fireside chat. We discussed some of the nitty-gritty of what it means to be a security consultant, breaking into buildings, time and self management, and much more. There’s also an exclusive peak into what has been dubbed my “serial killer” closet. … More Podcast – Low Voltage Nation
In the wake of recent events with a physical security assessment, there are a few things that stand out… … More Why Project Scope Matters
Something that bothers me, and I often comment about during my presentations is the media’s portrayal of a “hacker”. Hackers are shown as someone wearing gloves and a ski mask on a computer. I know that this is for effect to show criminal activity, but the issue here is that these sort of ideas stick … More Spotting the Social Engineer
While working on a two-week long engagement with a client, we had built enough rapport to joke openly, and be ourselves (which is a scary thought). Through this, I had started teasing him about his departments “security awareness” posters. These things were so cheesy. So, at the end of the two weeks, as we were … More Vintage Security Awareness Posters
Recently, I performed a physical assessment against a large hospital. There are several gaps that were discovered, but I will not cover those in this post. With the high level of traffic in an environment like a hospital with many employee types, patients, vendors, volunteers, etc., it’s common for many people to be in/out of … More Physical Assessments Against Hospitals
Here, we are going to document useful tools we utilize during the Open-Source Intellignce (OSINT) phase of our assessments. Feel free to send suggestions of tools/websites that you like to use as well. https://start.me/p/ELXoK8/bellingcat-osint-landscape A wealth of links broken down into different categories. Highly recommended! http://osintframework.com/ Excellent starting point! A well-maintained repository of well-known OSINT … More OSINT Resources
SE Village talks are now available! Check out our most recent talk “Skills For A Red Teamer” … More DEFCON SE Village Talk
A small toolkit for the field when performing onsite social engineering assessments. … More Red Team Field Kit – Lite
Podcast discussing social engineering and knowing your adversary. … More Know your adversary: Focus on social engineering
As a pentester and former street magician, I have used distraction and trickery to divert the attention of a target, mostly through social engineering. This has helped me professionally and during parties. A 2014 article written by Kacey Henley lists some of the old fashioned short and long cons (albeit names vary) that still work … More 10 Classic Cons
A couple of tips and examples of the “Red Team Toolkits” that we typically use in the field. … More Red Team Toolkits
My #Hack5 LAN Turtle is ready for deployment! This has certainly been a helpful tool to use for #SocialEngineering assessments. –Brent
A blog that Tim wrote about a recent red team assessment utilizing a RFID thief hidden inside a “covert clipboard”: https://www.solutionary.com/resource-center/blog/2016/11/the-thief/
Tim here. So, with consulting work comes travel. Over the years, I have traveled extensively and stayed in a variety of hotels and suites. Through this experience, I have noticed several issues with hotel (specifically room) security. In this blog, I am going to walk you through some of the consistent issues that I notice … More Hotel Room Security Or Lack Thereof
Here is a blog post Brent wrote recently for work regarding a social engineering / physical security assessment that I performed: https://www.solutionary.com/resource-center/blog/2016/02/social-engineering-assessment/
In this scenario we want to bypass the e-mail filtering and go straight for the Domain Credentials of the target(s) in Scope. There are several options out there, so please note this is just a generic and simple one for those hungry for a quick idea. Form HTML Code that you would add to your … More Creating a simple phishing site
