Social Engineering 101

Want to present an OFFICIAL HTS lecture? MANDATORY approval is required prior to presentation. Post here for approval!

Social Engineering 101

Post by acevic on Sun Jun 12, 2011 4:15 pm
([msg=58404]see Social Engineering 101[/msg])

I am not sure as to whether the lectures are still active or that there is a lack of presenters so I will try my luck through this thread. I have read through Monica's (old) thread on lectures and it linked to this forum.

I fully understand the risks of practically carrying out the methods below. This lecture is for a better understanding of how a hacker can penetrate even through the strongest security systems without much technical skill. This lecture should provide a learner with a better understanding of how easily the human mind can be exploited and what to look out for. Even the most advanced of security experts are vulnerable to psychological attacks which may lead to major IT security breaches.

I am not trying to imply that I know "sure" ways of how to get through a person. The human mind is very unpredictable and that cannot be emphasized enough. The best bet is to analyze the mentality and use your own educated judgement in order to predict the probability of the results.

The following, are the topics (not limited to and not in sequence) I'd like to cover:

Social engineering (introduction)- Hacking the weakest link in security
On-screen psychology (spoofing your identity via the way you type, spoofing your online personality)
Psychological pattern analysis (spotting out vulnerabilities in the emotions and mindset of the target)
Psychological prediction and intuition (analysis of the probabilities of what the result of your stimuli may be)
Identity theft and identity spoofing (spoofing e-mail identities, web sites, social network accounts and administrative identities)
Lying: How to lie and sell it
Off-screen psychology (spoofing your identity in person)
Bluff interrogation & reverse interrogation
Recon and surveillance of public records and how to interpret them
"Confusion is bliss!" (blending lies with the truth)
"Hey! I know you!" (becoming friends before even talking to the person)
Emotion: The bug without a fix
Reverse social engineering

My background: I am ex-military (used to work for an anti piracy unit for software and music...have a bit of know how on military intelligence), a computer enthusiast (I know a bit of web coding here and there), a businessman (current profession) and a prospective professional penetration tester (working on it).

Experience related to social engineering: I have worked with various online watchdogs (not specified for obvious reasons) and I enjoy baiting myself to social engineers and trolling them for weeks until I flame them and report them. As for off-screen social engineering, I have had to take up various identities and deceive a lot of people during my military employment for pirate raids. Other than relevant hands-on experience, I have read through a lot of related books and web resources.

If this lecture gets approved, I would like to invite anyone else who is interested in presenting with me. The lecture will be audio based.


Thank you for your time,
Ace
My crime is that of outsmarting you, something that you will never forgive me
for.
User avatar
acevic
Poster
Poster
 
Posts: 328
Joined: Mon May 16, 2011 10:12 pm
Location: Siberia
Blog: View Blog (0)


Re: Social Engineering 101

Post by Goatboy on Sun Jun 12, 2011 5:46 pm
([msg=58417]see Re: Social Engineering 101[/msg])

Approved. Lectures are pretty dead at the moment. Give us a bit to get the details in order, then we'll contact you.
Assume that everything I say is or could be a lie.
1UHQ15HqBRZFykqx7mKHpYroxanLjJcUk
User avatar
Goatboy
Expert
Expert
 
Posts: 2816
Joined: Mon Jul 07, 2008 9:35 pm
Blog: View Blog (0)


Re: Social Engineering 101

Post by acevic on Sun Jun 12, 2011 5:51 pm
([msg=58420]see Re: Social Engineering 101[/msg])

Goatboy wrote:Approved. Lectures are pretty dead at the moment. Give us a bit to get the details in order, then we'll contact you.


Thank you. I would like to add that comments and constructive criticism on the lecture idea are welcome. Please let me know if anything is wrong or missing and I will do my best to cover it.

I have never previously attended an HTS lecture. So please excuse me if I ask a bit too much about how you carry them out.
My crime is that of outsmarting you, something that you will never forgive me
for.
User avatar
acevic
Poster
Poster
 
Posts: 328
Joined: Mon May 16, 2011 10:12 pm
Location: Siberia
Blog: View Blog (0)


Re: Social Engineering 101

Post by Slahd on Tue Jun 14, 2011 5:02 am
([msg=58492]see Re: Social Engineering 101[/msg])

Well, I see that this will be an enjoyable lecture. I actually would like to see more on the science of Social Engineering. I approve of this and will most likely attend. Have we got the date & time yet?

S
CheckFINISHED checkFINISHED checkFINISHED
checkcheckcheck FINISHEDFINISHEDFINISHED
checkcheckcheckcheckcheckcheck
FINISHEDFINISHEDFINISHED
FINISHEDFINISHEDFINISHED
<Die the Death>!
<Sentence to Death>!
<Great Equalizer is The Death>!!
Slahd
Experienced User
Experienced User
 
Posts: 62
Joined: Sat May 28, 2011 12:24 pm
Location: Portland, OR
Blog: View Blog (0)


Re: Social Engineering 101

Post by acevic on Tue Jun 14, 2011 8:29 am
([msg=58497]see Re: Social Engineering 101[/msg])

I'm not sure, I am waiting for Goatboy's green signal.
I don't want this to be a solo presentation though. I would prefer it if some members added to the presentation with their unique views. Social engineering is a science unique to it's individual subject regardless of pattern study. The more views and experiences we discuss, the better. For example, I have seen from the social engineering forum, that Goatboy has come across multiple 419 scams, such as the Nigerian e-mails. Even though that is a common scenario, I'm sure we all have faced different scenarios at some point of time. I have experience in professional social engineering from recon and raid operations during my military service. Using all our experiences, I believe we can make a very dynamic and informative lecture from which we will be covering the most possible on social engineering.
Last edited by acevic on Tue Jun 14, 2011 9:52 am, edited 1 time in total.
My crime is that of outsmarting you, something that you will never forgive me
for.
User avatar
acevic
Poster
Poster
 
Posts: 328
Joined: Mon May 16, 2011 10:12 pm
Location: Siberia
Blog: View Blog (0)


Re: Social Engineering 101

Post by Goatboy on Tue Jun 14, 2011 8:38 am
([msg=58498]see Re: Social Engineering 101[/msg])

It's not so much my approval as it is generating interest. Pick a time and date, post it here, then advertise on IRC.
Assume that everything I say is or could be a lie.
1UHQ15HqBRZFykqx7mKHpYroxanLjJcUk
User avatar
Goatboy
Expert
Expert
 
Posts: 2816
Joined: Mon Jul 07, 2008 9:35 pm
Blog: View Blog (0)


Re: Social Engineering 101

Post by conscience on Tue Jun 14, 2011 8:39 am
([msg=58499]see Re: Social Engineering 101[/msg])

Any chance of you releasing some docs about it too? :oops:

I'm pretty unsure whether I can participate your lecture or not. Judging by your introduction above, it'll be nice to see some writings sharing it's quality and attractiveness. And, of course, I'm interested in social enginerring too, which I don't really have a clue about as all the quality documents on this topic seem to hide when I come to searching for them.
Let him who has understanding recount the number of the beast, for it is a human number: His number is 0x029A.
conscience
Poster
Poster
 
Posts: 248
Joined: Thu Jan 08, 2009 9:05 pm
Location: 127.0.0.1
Blog: View Blog (0)


Re: Social Engineering 101

Post by acevic on Tue Jun 14, 2011 8:47 am
([msg=58500]see Re: Social Engineering 101[/msg])

@Goatboy, In that case let's give it some more time, maybe say 72 hours to see how popular it gets.

@Conscience, Thank you for your interest. I have drafted out a lecture on paper and I will refine it into something decent to read. It's better that we use a combination or reading material, a small presentation and audio in order to deliver the message thoroughly. Everything will be recorded and posted to HTS for those who cannot attend it. I still highly recommend that you do try to attend it as I will allow a Q/A session, a discussion and an interactive workshop after the lecture.
My crime is that of outsmarting you, something that you will never forgive me
for.
User avatar
acevic
Poster
Poster
 
Posts: 328
Joined: Mon May 16, 2011 10:12 pm
Location: Siberia
Blog: View Blog (0)


Re: Social Engineering 101

Post by conscience on Tue Jun 14, 2011 9:09 am
([msg=58501]see Re: Social Engineering 101[/msg])

Glad to enjoy the fruit of your perfectionism :mrgreen:

I'll try being present as hard as I can of course. Chances are, however, that I still will not be able to get the audio part (Except recording it) as I'm currently not working at home and may disturb others - I'd be ashamed to disrespect them. Anyways I'll take all possibilities to get involved as much as possible.
Let him who has understanding recount the number of the beast, for it is a human number: His number is 0x029A.
conscience
Poster
Poster
 
Posts: 248
Joined: Thu Jan 08, 2009 9:05 pm
Location: 127.0.0.1
Blog: View Blog (0)


Re: Social Engineering 101

Post by JoeyPardella on Tue Jun 14, 2011 10:15 am
([msg=58503]see Re: Social Engineering 101[/msg])

I just want to express my interest here, because lately I wasn't on IRC much.

also I'd like to suggest a weekend for a date, so that people like me, living in europe (or not in the US in general), can attend this lecture.
JoeyPardella
Experienced User
Experienced User
 
Posts: 81
Joined: Tue Jan 04, 2011 8:43 am
Blog: View Blog (0)


Next

Return to OFFICIAL Lecture Approvals

Who is online

Users browsing this forum: No registered users and 0 guests