Why Project Scope Matters
In the wake of recent events with a physical security assessment, there are a few things that stand out… … More Why Project Scope Matters
Something that bothers me, and that I often comment on during my presentations, is the media’s portrayal of a “hacker”. Hackers are shown as someone wearing gloves and a ski mask on a computer. I know that this is for effect to show criminal activity, but the issue here is that these sorts of ideas stick … More Spotting the Social Engineer
While working on a two-week-long engagement with a client, we had built enough rapport to joke openly and be ourselves (which is a scary thought). Through this, I had started teasing him about his department’s “security awareness” posters. These things were so cheesy. So, at the end of the two weeks, as we were … More Vintage Security Awareness Posters
Recently, I performed a physical assessment against a large hospital. There are several gaps that were discovered, but I will not cover those in this post. With the high level of traffic in an environment like a hospital with many employee types, patients, vendors, volunteers, etc., it’s common for many people to be in/out of … More Physical Assessments Against Hospitals
Here, we are going to document useful tools we utilize during the Open-Source Intelligence (OSINT) phase of our assessments. Feel free to send suggestions of tools/websites that you like to use as well. https://start.me/p/ELXoK8/bellingcat-osint-landscape A wealth of links broken down into different categories. Highly recommended! http://osintframework.com/ Excellent starting point! A well-maintained repository of well-known OSINT … More OSINT Resources
SE Village talks are now available! Check out our most recent talk “Skills For A Red Teamer” … More DEFCON SE Village Talk
A small toolkit for the field when performing onsite social engineering assessments. … More Red Team Field Kit – Lite
Podcast discussing social engineering and knowing your adversary. … More Know your adversary: Focus on social engineering
As a pentester and former street magician, I have used distraction and trickery to divert the attention of a target, mostly through social engineering. This has helped me professionally and during parties. A 2014 article written by Kacey Henley lists some of the old-fashioned short and long cons (albeit names vary) that still work … More 10 Classic Cons
A couple of tips and examples of the “Red Team Toolkits” that we typically use in the field. … More Red Team Toolkits
My #Hack5 LAN Turtle is ready for deployment! This has certainly been a helpful tool to use for #SocialEngineering assessments. –Brent
A blog post that Tim wrote about a recent red team assessment utilizing an RFID thief hidden inside a “covert clipboard”: https://www.solutionary.com/resource-center/blog/2016/11/the-thief/
Tim here. So, with consulting work comes travel. Over the years, I have traveled extensively and stayed in a variety of hotels and suites. Through this experience, I have noticed several issues with hotel (specifically room) security. In this blog, I am going to walk you through some of the consistent issues that I notice … More Hotel Room Security Or Lack Thereof
Here is a blog post Brent wrote recently for work regarding a social engineering / physical security assessment that I performed: https://www.solutionary.com/resource-center/blog/2016/02/social-engineering-assessment/
In this scenario we want to bypass the e-mail filtering and go straight for the Domain Credentials of the target(s) in Scope. There are several options out there, so please note this is just a generic and simple one for those hungry for a quick idea. Form HTML Code that you would add to your … More Creating a simple phishing site
Brent here. Just wanted to thank Darren Kitchen and crew for the quick interview in the Hacker Abduction van at Def Con 22. If you’re interested in watching, here you go: