Social Engineering Blogs

An Aggregator for Blogs About Social Engineering and Related Fields

Social Engineering 101 Workshop … Hash Days 2011 Lucerne Switzerland

This year I have the honour of giving a workshop at Hash Days 2011 in Lucerne Switzerland. The course will run on the 26th and 27th October 2011, coffee breaks, snacks and lunch will be provided, all located at the Radisson Blu in Lucerne. All attendees will receive full copies of the workshop slides including notes, and will have the opportunity to have 1 to 1 discussions with myself to discuss other related workshop topics that they would like more information on.

Registration is now open, so CLICK HERE TO REGISTER

Course Details :

Overview :
All  organizations  have  one  vulnerability  in  common  and  that’s  the  staff.  People  are  valuable  in
making  an  organization  function  but  sadly  the  wetware  is  vulnerable  to  attack.  In  this  course  we
will  look  at  how  to  exploit  those  vulnerabilities.  Attendees  will  cover  the  fundamentals  required
on  a  social  engineering  engagement,  such  as  the  approval  and  planning  stages,  information
gathering  and  execution.  However,  the  main  focus  of  the  course  will  be  the  subliminal  hacking
skills.    In  this  course,  we  understanding  how  the  mind  works  and  why  it’s  vulnerable,  and  how  to
exploit  it  as  well  as  how  language  is  a  powerful  influencer.  Body  language  will  also  be  discussed,
how  to  read  it  and  use  to  our  advantage,  as  well  as  how  to  build  and  operate  a  successful  pretext.
The  subject  of  ethics  is  often  raised  in  connection  with  many  manipulation  techniques,  so  we
shall  also  touch  upon  this,  as  well  as  how  you  can  reduce  the  risk  of  being  social  engineered
yourself  or  your  company.  We  will  also  cover  useful  tools  for  information  gathering,  as  well  as
handy  equipment  whilst  on  the  job,  this  course  is  not  intended  to  teach  you  how  to  run  ports
scans,  exploit  application  vulnerabilities  and  drop  shell,  its  about  how  to  hack  the  mind  and
influence  the  situation  to  your  meet  your  goal.
You  do  NOT  need  any  previous  experience  to  Social  Engineering  or  Penetration  Testing.  If  you
have  thirst  for  knowledge  and  an  open  mind  to  new  possibilities  this  course  is  for  you.
Learning  Objectives:

What  is  social  engineering
Authorization  and  Scoping  Documents
Information  Gathering  Techniques
Engagement  Methodology
Reporting
Mind  /  Brain  Vulnerabilities
Psychological  Approach
Linguistics  /  NLP  /  Hypnosis
Body  Language  /  Micro  Expressions
Elicitation  /  Rapport
Persuasion  /  Influence  /  Manipulation
Pretexting  –  Being  THE  social  engineer
Engagement  mediums  –  Phone  /  Email  /  Face  2  Face
Ethical  and  Moral  Concerns
Handling  Failure
Social  Engineering  Risk  Reduction
Defense  Strategies  for  your  Business
Tooling  for  the  job

Who  Should  Attend: 

Pen-­-testers  who  want  to  get  into  Social  Engineering
Anyone  who  is  responsible  for  Information  Security
Anyone  who  is  curious  in  learning  techniques  to  influence
Company  personnel  responsible  for  security  awareness

Hardware  Requirements:  

Laptop  (Netbooks  not  preferred)
Windows  OS  (Physical  or  VM)
Ability  to  run  VM’s  (VM  Player,  etc)

 

Extra Sensory Perception

As technology continues to advance at such a fast pace, we are inundated with creative ways to see and understand the world and people around us.

NewScientist has just released information on MIT’s Media Lab’s newest project – emotion recognition glasses.

No doubt this would be beneficial for many social situations and would probably avoid social gaffes as the article suggests.

However, will this impede upon the social “white lie” that everyone has partaken in at least once in their life?  Do we really want to show every emotion? Or are some emotions meant to be kept secret?  If they weren’t, wouldn’t humans have evolved to be mind readers without the aid of technology?

In the NewScientist article, the author erroneously states that Paul Ekman’ s seven universal emotions as the foundation of the theory of lie detection has been debunked (which is not true) but later posits facts that substantiate the theory.

Microexpressions are concealed emotions.  The seven universal facial expressions are proven to be congruent across cultures. Microexpressions are unconscious exhibits of a conflict between what is being said and what is known by the speaker to be factual.  These expressions do not necessarily equate to a lie but do suggest a need for greater concentration on the subject that allowed those inconsistencies.

These new glasses developed by Rana el Kaliouby , research scientist at MIT Labs, Rosalind Picard, an electrical engineer and Simon Baron- Cohen from the University of Cambridge, are based on different criteria than the seven basic facial expressions of emotion and focuses more on the following expressions:  agreeing, confusion, thinking, concentrating and perhaps the most important one for social reasons, disagreeing.

According to PC World , these MIT researchers began studying this technology to aid in amplifying  emotional signals for autistic patients.

The software, amazing as it is, has a percentage rate of 64%, which is more accurate than the average human but only by about 10%.  The prototype has a camera, the size of a grain of rice, which is wired to a computer.  In turn the glasses relay the emotional information to the wearer via an ear piece and a blinking red or green light.

What are your thoughts on these new glasses?

Liar, Liar Pants on Fire!

Being an effective and believable liar can be beneficial in a plethora of ways.

So, if you are not a natural then how can you learn to be a more effective liar especially in this day and age where technology is trying to thwart our every effort in duplicity?

Look no further. Scientific American has released 18 attributes of a successful liar.

According to a team of scientists led by Dutch psychologist Aldert Vrij, there are precise ingredients to a great liar.  They delineate 18 traits to a super liar.  Listed below are the top ten:

1.  Manipulativeness:  Liars are not fearful or anxious.  They are scheming, relaxed and confident.
2.  Acting:  Good actors make good liars.
3.  Expressiveness:  Liars are seductive and their expressions distracting.
4.  Physical attractiveness:  Good-looking people are judged as more honest.
5.  Natural performers:  Good at convincingly adapting to abrupt changes in discourse.
6.  Experience:  Practice make perfect. Prior lying helps manage emotions such as guilt and fear.
7.  Confidence:  Believe and it shall be.  Liars must have confidence.
8.  Emotional camouflage:   Liars mask emotions by feigning the opposite affect.
9.  Eloquence:  Eloquent speakers use word play to buy extra time to create plausible answers.
10.  Well-preparedness:  Liars minimize fabrication on the spot, which is more vulnerable to detection.

The researchers also point out that many of these qualities are inherent and cannot be fully learned (i.e. with ease of effort) if you will.

The full study, along with other studies on deception conducted by Vrij, can be found in the Open Access Journal of Forensic Psychology.