Something that bothers me, and I often comment about during my presentations is the media’s portrayal of a “hacker”. Hackers are shown as someone wearing gloves and a ski mask on a computer. I know that this is for effect to show criminal activity, but the issue here is that these sort of ideas stick … More Spotting the Social Engineer
While working on a two-week long engagement with a client, we had built enough rapport to joke openly, and be ourselves (which is a scary thought). Through this, I had started teasing him about his departments “security awareness” posters. These things were so cheesy. So, at the end of the two weeks, as we were … More Vintage Security Awareness Posters
Recently, I performed a physical assessment against a large hospital. There are several gaps that were discovered, but I will not cover those in this post. With the high level of traffic in an environment like a hospital with many employee types, patients, vendors, volunteers, etc., it’s common for many people to be in/out of … More Physical Assessments Against Hospitals
Here, we are going to document useful tools we utilize during the Open-Source Intellignce (OSINT) phase of our assessments. Feel free to send suggestions of tools/websites that you like to use as well. https://start.me/p/ELXoK8/bellingcat-osint-landscape A wealth of links broken down into different categories. Highly recommended! http://osintframework.com/ Excellent starting point! A well-maintained repository of well-known OSINT … More OSINT Resources
SE Village talks are now available! Check out our most recent talk “Skills For A Red Teamer” … More DEFCON SE Village Talk
A small toolkit for the field when performing onsite social engineering assessments. … More Red Team Field Kit – Lite
Podcast discussing social engineering and knowing your adversary. … More Know your adversary: Focus on social engineering
As a pentester and former street magician, I have used distraction and trickery to divert the attention of a target, mostly through social engineering. This has helped me professionally and during parties. A 2014 article written by Kacey Henley lists some of the old fashioned short and long cons (albeit names vary) that still work … More 10 Classic Cons
A couple of tips and examples of the “Red Team Toolkits” that we typically use in the field. … More Red Team Toolkits
My #Hack5 LAN Turtle is ready for deployment! This has certainly been a helpful tool to use for #SocialEngineering assessments. –Brent
