Thread: Social Engineering - need some help

  1. #21
    Senior Member ShadowKill's Avatar
    Join Date
    Dec 2007
    Posts
    908

    Quote Originally Posted by williamc View Post
    ....I had no idea so many people were interested! If I can remove the company names from the recordings, I'll try and upload some of my calls so you all can listen to them....
    That would be absolutely great. It's one thing to read a great SE adventure like this, but you just can't beat live recordings.

    Quote Originally Posted by williamc View Post
    ....My personal favorite is where we unknowingly call someone at the help desk claiming to be from the help desk. DOH! ....

    Red Flag #1 !!!!



    "The goal of every man should be to continue living even after he can no longer draw breath."

    ~ShadowKill

  2. #22
    Senior Member
    Join Date
    Apr 2008
    Posts
    2,008

    I hope you continue the story man, honestly...great read! (Reminded me of The Art of Deception book, I loved that book).
    Second that. A must read for anyone into pentesting or computer security of any kind. It is not only informative but really enjoyable to read as well.

    As for uploading some of the calls that sounds like a great idea, as long as you manage to bleep out any compromising information of course.
    -Monkeys are like nature's humans.

  3. #23
    Just burned his ISO
    Join Date
    Jun 2008
    Posts
    2

    I would suggest youtubing for Derren Brown and Google for pattern interrupts and confusion technique (Milton Erickson).

    Good luck

  4. #24
    Good friend of the forums williamc's Avatar
    Join Date
    Feb 2010
    Location
    Chico CA
    Posts
    285

    I'm still working on getting the audio files cleaned up for public release. In the meantime, check out this great social engineering talk by Mitnick and Goldstein:
    http://news.cnet.com/8301-1009_3-9995253-83.html

    William

  5. #25
    Junior Member unix_r00ter's Avatar
    Join Date
    Feb 2007
    Posts
    64

    in the last few weeks I've had quite a few of these phone calls...

    "excuse me, how many computers do you have in your company, who is the manager of IT, what operating systems are you using"

    as soon as I quiz their authenticity, they hang up. noobz

  6. #26
    Senior Member
    Join Date
    Apr 2008
    Posts
    2,008

    Quote Originally Posted by unix_r00ter View Post
    "excuse me, how many computers do you have in your company, who is the manager of IT, what operating systems are you using"
    With smooth-talking like that it has to be Mitnick himself
    -Monkeys are like nature's humans.

  7. #27
    Junior Member unix_r00ter's Avatar
    Join Date
    Feb 2007
    Posts
    64

    Quote Originally Posted by =Tron= View Post
    With smooth-talking like that it has to be Mitnick himself
    LOL, all our telephone calls are recorded, I'll see if I can get a recording.

  8. #28
    Senior Member streaker69's Avatar
    Join Date
    Jan 2010
    Location
    Virginville, BlueBall, Bird In Hand, Intercourse, Paradise, PA
    Posts
    3,535

    Quote Originally Posted by unix_r00ter View Post
    in the last few weeks I've had quite a few of these phone calls...

    "excuse me, how many computers do you have in your company, who is the manager of IT, what operating systems are you using"

    as soon as I quiz their authenticity, they hang up. noobz
    I got a call from our financial auditors the other week wanting to set up a meeting with me. Here's how it went:

    "Hello?"

    "yes, this is Todd from Dewey, Screwem and Howe, I was speaking with your financial director about coming in to speak with you about auditing your network"

    <confused & annoyed> "Oh, this is the first I've heard of it"

    "We audit your books every year, but we've started to audit our clients' networks recently in an effort to ensure that financial data is being handled properly"

    <more annoyed>"Ok, so you're going to be doing a security audit?"

    "Well, we'd like to come in and speak with you about your network, go over a questionnaire just to see how things work there"

    <still annoyed>"ok, well my first question is this: How do I know you are who you say you are? You've just called me out of the blue, I've had no prior warning of your call, how do I know you're not just some random person wanting to get private information out of me via social engineering?"

    <stunned silence, some oh's, ah's>"well, I guess you don't"

    <feeling better since I just took control of the situation>"Ok, when would you like to set up the meeting"

    .....<blah blah blah>

    The audit was actually rather lame. They neglected to ask several rather important questions. The two that showed up were the actual Financial auditor that looks through our books and their head of IT. Once we got done with their questionnaire, I pointed out several things that they should have asked but didn't.
    A third party security audit is the IT equivalent of a colonoscopy. It's long, intrusive, very uncomfortable, and when it's done, you'll have seen things you really didn't want to see, and you'll never forget that you've had one.
