[HN Gopher] Social Engineering Dos and Don'ts
___________________________________________________________________
Social Engineering Dos and Don'ts
Author : rognjen
Score : 19 points
Date : 2022-10-20 12:16 UTC (1 days ago)
(HTM) web link (www.pentestpartners.com)
(TXT) w3m dump (www.pentestpartners.com)
| mike_d wrote:
| This reads like it is more from a physical penetration testing
| perspective. Which is less about "social engineering" and more
| about 1) knowing what you are doing and having overt confidence
| and 2) being a responsible adult.
|
| The first you are best served by learning trades and developing
| skills. I became a locksmith, trained as a private investigator,
| hung out on subreddits related to trades and skills to learn
| insider lingo, read books and watched YouTube channels dedicated
| to relevant job functions. Basically you can spend 3 days
| practicing mentalism and faking confidence to try and convince a
| facilities manager you are a vending machine repair person, or
| you can spend 3 days learning the basics of vending machine
| repair.
|
| The latter is applicable to all red team/pen testing engagements.
| Think long and hard about what you are about to do at every step
| and how it will impact your client and your ability to continue
| working both on this engagement and in the industry in general.
| You should go in being prepared to "lose" and accepting that as a
| desirable outcome - you'll win more often than not but it isn't a
| bad thing when the client has good security.
| not2b wrote:
| Yes, seems very specific to seeing if someone can get into the
| building; most social engineering attacks are remote, like
| bullying someone into providing login credentials by pretending
| to be a Very Important Exec who needs that info _now_.
| platz wrote:
| So you're saying that if I'm a hyperventilating lizard-wolf, this
| isn't the job for me.
___________________________________________________________________
(page generated 2022-10-21 23:00 UTC)