Hacking & Social Engineering (HSE101), a gotVirtual Educational Thread

Discussion in 'tech' started by Lain, 17 Sep 2015.

  1. Lain

    Lain End of line. #resist
    Sneaky

    Hacking and social engineering. Discuss.

    For openers I'll repeat a trick I mentioned in another thread. This trick will work a majority of the time on a great number of people. Things to remember: never overuse a technique on a 'target'; it weakens its effectiveness and increases your chance of discovery.

    80% of hacking is social engineering. Time to get your used car salesman on.

    For this example we'll assume that your target is your boss (or the contact point for the contract you're executing), and he has failed to implement a strategy to ensure that VPN passwords are rotated at regular intervals.

    We simply suggest to the target that we will be performing a duty previously assigned to us, which may or, most likely, may not have been assigned.

    "I'm going to rotate the VPN passwords as you suggested. I was mulling over your suggestions and 30 days seems like a perfect interval. Perhaps we should even make an event on the calendar to remind whoever's working that day?"

    The target is unlikely to challenge you as he won't want to seem forgetful and remiss in his duties to perform a task that he knows should be performed and may or may not have failed to perform in the past.

    Later, when someone pats him on the back for implementing the change you suggested, he's going to recall that and he'll owe you for putting him in good favor with his boss.

    YMMV
     
  2. Kita

    Kita Should Update Title

    I think Mr. Robot should be study material for this class :p It is 80% social engineering. 15% Chinese hacking and coding. 5% kiddie scripting. Sounds about right to me! :p
     
  3. Kita

    Kita Should Update Title

  4. Mulch

    Mulch Why does the drum come hither?
    Psychedelic

  5. Govi

    Govi Ça va chier.
    Bitchy

    Fascinating. The San Francisco story in particular. After the fired IT guy, Terry Childs, locked the City out of its system by making himself the only administrator and changing the password, no one could hack into the system. The story says that the City paid some company or person(s) $1.5 million to try to break into their own system after Childs locked them out. Either the consultants were no good or Childs was that good. Wow!
     
  6. Lain

    Lain End of line. #resist
    Sneaky

    It all depends on how we look at things, and not how they are in themselves.

    - Carl Jung
     
