Subliminal Hacking Blog, Author at Social Engineering Blogs

Subliminal Hacking Blog July 24, 2016

Reality Bending … Online Hypnosis Training with James Brown

Subscribers and regular visitors to the blog will know I am a fan of hypnosis, and like most things I am passionate for I am always on the look out to discover new ways of doing things, gaining perspective of others and generally a healthy thirst for knowledge. You will of noticed I have purchased a few of James Brown products recently (specifically from the POWA range) and even though I have trained with James before I have never looked at his approach to hypnosis specifically, so when he released online hypnosis training material “Reality Bending” I was keen to check it out and at $147 USD I thought it could be reasonable value for money.

So in this post I will provide a general overview of the content as well as my conclusion and if I think its worth you spending the money if you have an interest in developing your hypnotic abilities.
If you don’t want to read and just get on with learning / seeing something, click the image at the end of the post and get access to a FREE video to learn the “Stuck” foot stick method.

For years we have studied and practiced hypnosis but never quite felt comfortable with the way it was explained.All the rituals seemed a little silly and never really explained what was happening. All the talk of putting people to sleep and entering their subconscious mind seemed, well, far fetched. Even when it worked (which it did!) the difference in others reaction was vast, and merely saying ‘some people can’t be hypnotised’ felt like a weak cop-out. We wanted something easy to understand.

In this training we will destroy the myths and kill the gods leaving you with a clear understanding of what’s really going on. From this simple foundational understanding we will teach you to create dramatic suggestions.

Introduction – As you would expect this covers a welcome section to introduce you to the principle and agenda of the training, James also provides some background on himself and personal usage of method and development, then we finish up by discussing the “conventional” perception of hypnosis and the methods considered by most to be the defacto approach. This section is about 15 minutes.

Foundations – In this section James sets out the approach that will be taken on the learning journey of the course, he then spends some time talking about suggestion and that essentially depending on the delivery and intent everything is / can be suggestion. Then we discuss fear and the various barriers people put in place as reasons why something cant be done or attempted. This section is about 45 minutes.

Ingredients – This portion of the training is broken up into 5 sections, and its through these sections that we start to cover the ingredients to James method of hypnosis, specifically around creating the belief and stimulating the imagination. This is a big portion of the substance to help you understanding the guiding principles of the hypnosis approach, its not a formula as such its more a capability to understand the recipe and adjusted flavourings you need for the various types of people you encounter. This section is about 60 minutes.

In the trenches – This is one of my favourite parts of the training and wish more people did this. This is various footage of the material being used in the real world, the successes but more importantly when things didn’t quite go as planned and how to handle these situations. So many people just want to show the polished material, but in a training context you need to see and understand everything, worts and all. This section is about 170 minutes.

Conclusion – To conclude the training James summaries the content covered, and also very briefly touches on the subject of safety. This section is about 10 minutes.

Bonus – As for this bonus material, I am not sure if everyone gets this or if its time dependant, but I have also seen some new material added since I first purchased the course (the joys of online content). In the bonus section James present the “Stuck” approach which you can view for FREE below, there is also footage of James presenting at the Change Phenomena Conference from back in 2010, along with some content from TedMed 2013 and a Berlin Magic Conference in 2015. Finally there are two extra new additions in my version, one is on self hypnosis and another on rapid inductions. Over 6 hours of bonus content.

So is it worth the money?? I think if your new to hypnosis and have only read some books and watched some videos on YouTube and are struggling then 1000% its money well spent and video format is really helpful to hone your technique and get out there and just do it. If your not new to hypnosis then perhaps you want learn something new if you think you know it all, but I still think its worth the money as you get additional perspective. Alot of what James covers in this course I would say is similar to my approach, but he broke some things down further and certainly got my cogs whirring into action in how I had assessed things before. Depending what side of the ocean you are on in this post Brexit economy this could be even more of a steal If you do go ahead and make the purchase in the future please come back and leave a comment, was it great and informative or a total waste of money, I am always interested to hear what my readers think.

As mentioned earlier, if you what to wet your hypnotic whistle then check out the “Stuck” tutorial for FREE by clicking the image below. Thanks for reading, please like, share and subscribe I really appreciate it.

Stuck

Subliminal Hacking Blog July 9, 2016

Ethical Boundaries of Simulated Testing

Like most days social media is flowing with opinions, perspectives, ego and testosterone

The most recent discussions that have sparked my interest have been those around what is or in many cases isn’t considered to be accurate or real simulated testing.

Like others I have my opinion on what this means to me and I don’t want to go into all the details of my opinions, approaches or theories here, but I wanted to make a couple of observations that I think are primary to the boundaries that exist in the world of simulated testing. I am not focusing on any specific part of simulated testing, but obviously in the context of things here I gravitate to the human elements associated with social engineering.

So here are my two main points. Point one, no simulated testing is every going to fully replicate the real adversary as if it does then now your the criminal also, point two a very select few outside of the real adversarial groups / gangs really know with suitable detail the TTPs used to allow full replication in a simulated scene.

No doubt some of you just spat your drink, cursed at the screen and crossed me off your christmas card list, but let me briefly clarify my thinking. The one thing that should separate a simulated vs real adversary should be their ethical boundaries they constrain themselves with. This should balance pushing the boundaries to their limit to replicate the real activities, but with strained to the point you are an employee or service provider to an organisation, and as a result their are lines that shouldn’t be crossed, as the personal damage could be substantial. A simple example could be that the real adversary sends emails and makes phones calls to the CEO of the company, making threats about family members to influence decision making, sure you could do this in a simulated environment, but then when its communicated it wasn’t for real, it was to test how people handle an adversary the damage is already done, the emotional turmoil has occurred and cannot be undone. The second point I make is that, no matter how good an intelligence function maybe, or whats read in the media the information is typically based on whats been discovered to date, hear say or some other theory. The reality is aside from the adversary themselves no one knows the full extent of their tools, tactics and procedures, so this is why I don’t believe anyone can claim to fully simulate anything, instead its more pragmatic to utilise the information, tools, techniques to push the boundaries to suitable levels within the ethical levels acceptable to the individuals conducting the work and those who are on the receiving end and or approved to authorise them.

Like everyone else on the Internet this is just my opinion, I don’t think there is one size fits all, and some approaches and appetites may deliver more value than others, but without ethics and without boundaries things become a darker shade of grey.

Subliminal Hacking Blog June 12, 2016

Inside the criminal mind … Criminal Psychology

Earlier this year I finished a diploma in Criminal Psychology and I thought I would share my high level thoughts on why I think its important to develop some form of appreciation for the criminal mind if your in the job of conducting adversarial simulations.

When you speak to someone about Red Teaming, Threat Simulations, Adversarial Testing or what ever you want to call it, people are often confused or consider it a high risk form of testing. While this can be true, it really depends on what form of criminal adversary you are simulating. This defines their motives, methods of operations and their ultimate objectives.

I think something that people outside of this type work don’t appreciate is that the types of criminals usually worth simulating are not looking to break all the things, they are looking to achieve their goals in the most cost effective, timely and undetectable way. Granted this doesn’t mean they may cause some chaos and destruction once the objective is achieved to cover their tracks, but in general a criminal who is out for financial gain doesn’t much disruption and infact may look to leave doors open to them to come back for repeat winnings. So when you step into mindset of this criminal group, I would say its actually pretty low risk in terms of destruction and disruption.

Of course their are groups of criminals where there intent is purely of destruction and disruption, but this can still be simulated in a safe and controlled manner, and should be tested to find out how effective does BCP work and perhaps attack that also. Regardless of if your looking at nation state attackers, organised crime, activists, corporate adversaries, insider threat, hacktivists or others, they will each have a different perception and mindset they are operating from that should be considered. Why is the objective important, what lengths would they go to, how will they handle frustration, whats seems ethically or morally acceptable to them, what would they do if they felt under pressure, or their activities where detected? All of these things she be thought about and play a part in the framework you operate from and will help your rationale for actions taken during a threat simulation.

Now clearly as a non criminal you cant / shouldn’t mimic everything, so common sense needs to come into play. However I think people to readily discount the value of understanding attacker thinking, and even though its not always easy to fully understand as there is often alot of FUD in the media, but there are good intelligence sources that can be utilised (internal and external), plus accounts from people in law enforcement (this includes psychologists), as well as the odd novel from convicted criminals who expand on what they did, why then did it, and why they perhaps considered it rational.

So I encourage those of you who conduct threat simulations, and in fact even those who are defenders of a corporation to invest some time to better understanding how the criminal thinks, for one it will be different to how you think, and you should challenge each other to think differently, and I hope ultimately it will make the work you do even more valuable.