[HN Gopher] Social Engineering Dos and Don'ts
___________________________________________________________________
Social Engineering Dos and Don'ts

Author : rognjen
Score  : 19 points
Date   : 2022-10-20 12:16 UTC (1 days ago)

(HTM) web link (www.pentestpartners.com)
(TXT) w3m dump (www.pentestpartners.com)

| mike_d wrote:
| This reads like it is more from a physical penetration testing
| perspective. Which is less about "social engineering" and more
| about 1) knowing what you are doing and having overt confidence
| and 2) being a responsible adult.
|
| The first you are best served by learning trades and developing
| skills. I became a locksmith, trained as a private investigator,
| hung out on subreddits related to trades and skills to learn
| insider lingo, read books and watched YouTube channels dedicated
| to relevant job functions. Basically you can spend 3 days
| practicing mentalism and faking confidence to try and convince a
| facilities manager you are a vending machine repair person, or
| you can spend 3 days learning the basics of vending machine
| repair.
|
| The latter is applicable to all red team/pen testing engagements.
| Think long and hard about what you are about to do at every step
| and how it will impact your client and your ability to continue
| working both on this engagement and in the industry in general.
| You should go in being prepared to "lose" and accepting that as a
| desirable outcome - you'll win more often than not but it isn't a
| bad thing when the client has good security.

| not2b wrote:
| Yes, seems very specific to seeing if someone can get into the
| building; most social engineering attacks are remote, like
| bullying someone into providing login credentials by pretending
| to be a Very Important Exec who needs that info _now_.

| platz wrote:
| So you're saying that if I'm a hyperventilating lizard-wolf, this
| isn't the job for me.
___________________________________________________________________
(page generated 2022-10-21 23:00 UTC)