Why Project Scope Matters
September 13, 2019
In the wake of recent events with a physical security assessment, there are a few things that stand out… … More Why Project Scope Matters
Category: Social Engineering
Spotting the Social Engineer
November 25, 2018
Something that bothers me, and I often comment about during my presentations is the media’s portrayal of a “hacker”. Hackers are shown as someone wearing gloves and a ski mask on a computer. I know that this is for effect to show criminal activity, but the issue here is that these sort of ideas stick … More Spotting the Social Engineer
Vintage Security Awareness Posters
May 11, 2018
While working on a two-week long engagement with a client, we had built enough rapport to joke openly, and be ourselves (which is a scary thought). Through this, I had started teasing him about his departments “security awareness” posters. These things were so cheesy. So, at the end of the two weeks, as we were … More Vintage Security Awareness Posters
Physical Assessments Against Hospitals
December 22, 2017
Recently, I performed a physical assessment against a large hospital. There are several gaps that were discovered, but I will not cover those in this post. With the high level of traffic in an environment like a hospital with many employee types, patients, vendors, volunteers, etc., it’s common for many people to be in/out of … More Physical Assessments Against Hospitals
OSINT Resources
November 8, 2017
Here, we are going to document useful tools we utilize during the Open-Source Intellignce (OSINT) phase of our assessments. Feel free to send suggestions of tools/websites that you like to use as well. https://start.me/p/ELXoK8/bellingcat-osint-landscape A wealth of links broken down into different categories. Highly recommended! http://osintframework.com/ Excellent starting point! A well-maintained repository of well-known OSINT … More OSINT Resources
DEFCON SE Village Talk
October 23, 2017
SE Village talks are now available! Check out our most recent talk “Skills For A Red Teamer” … More DEFCON SE Village Talk
Red Team Field Kit – Lite
September 5, 2017
A small toolkit for the field when performing onsite social engineering assessments. … More Red Team Field Kit – Lite
Know your adversary: Focus on social engineering
August 28, 2017
Podcast discussing social engineering and knowing your adversary. … More Know your adversary: Focus on social engineering
10 Classic Cons
February 7, 2017
As a pentester and former street magician, I have used distraction and trickery to divert the attention of a target, mostly through social engineering. This has helped me professionally and during parties. A 2014 article written by Kacey Henley lists some of the old fashioned short and long cons (albeit names vary) that still work … More 10 Classic Cons
Red Team Toolkits
February 1, 2017
A couple of tips and examples of the “Red Team Toolkits” that we typically use in the field. … More Red Team Toolkits
Hak5 LAN Turtle
November 8, 2016
My #Hack5 LAN Turtle is ready for deployment! This has certainly been a helpful tool to use for #SocialEngineering assessments. –Brent
The Thief
November 2, 2016
A blog that Tim wrote about a recent red team assessment utilizing a RFID thief hidden inside a “covert clipboard”: https://www.solutionary.com/resource-center/blog/2016/11/the-thief/
Hotel Room Security Or Lack Thereof
July 9, 2016
Tim here. So, with consulting work comes travel. Over the years, I have traveled extensively and stayed in a variety of hotels and suites. Through this experience, I have noticed several issues with hotel (specifically room) security. In this blog, I am going to walk you through some of the consistent issues that I notice … More Hotel Room Security Or Lack Thereof
“Trust, yet verify” – A Social Engineering Assessment
February 3, 2016
Here is a blog post Brent wrote recently for work regarding a social engineering / physical security assessment that I performed: https://www.solutionary.com/resource-center/blog/2016/02/social-engineering-assessment/
Creating a simple phishing site
November 19, 2015
In this scenario we want to bypass the e-mail filtering and go straight for the Domain Credentials of the target(s) in Scope. There are several options out there, so please note this is just a generic and simple one for those hungry for a quick idea. Form HTML Code that you would add to your … More Creating a simple phishing site
Hak5 Interview – Def Con 22
August 18, 2014
Brent here. Just wanted to thank Darren Kitchen and crew for the quick interview in the Hacker Abduction van at Def Con 22. If you’re interested in watching, here you go:
