Hacking and social engineering. Discuss. For openers I'll repeat a trick I mentioned in another thread. This trick will work a majority of the time on a great number of people. Things to remember: never overuse a technique on a 'target'; it weakens its effectiveness and increases your chance of discovery. 80% of hacking is social engineering. Time to get your used car salesman on. For this example we'll assume that your target is your boss (or the contact point for the contract you're executing), and he has failed to implement a strategy to ensure that VPN passwords are rotated at regular intervals. We simply suggest to the target that we will be performing a duty previously assigned to us, which may or, most likely, may not have been assigned. "I'm going to rotate the VPN passwords as you suggested. I was mulling over your suggestions and 30 days seems like a perfect interval. Perhaps we should even make an event on the calendar to remind whoever's working that day?" The target is unlikely to challenge you, as he won't want to seem forgetful and remiss in his duties to perform a task that he knows should be performed and may or may not have failed to perform in the past. Later, when someone pats him on the back for implementing the change you suggested, he's going to recall that and he'll owe you for putting him in good favor with his boss. YMMV.
I think Mr. Robot should be study material for this class. It is 80% social engineering. 15% Chinese hacking and coding. 5% kiddie scripting. Sounds about right to me!
I got an email from CompTIA about an upcoming webinar. https://www.comptia.org/events/view...and-penetration-testing-tips-tricks-and-traps Sounded interesting. Only an hour, however, so it sounds like it will be super basic. I get CE credit for it, which I will need to continue to earn in order to keep my certs. It is free for anyone who wants to attend, however.
Fascinating. The San Francisco story in particular. After the fired IT guy, Terry Childs, locked the City out of its system by making himself the only administrator and changing the password, no one could hack into the system. The story says that the City paid some company or person(s) $1.5 million to try to break into their own system after Childs locked them out. Either the consultants were no good or Childs was that good. Wow!