September 28, 2012 at 6:33 pm #7929 Don Donzal Keymaster
After a month off after BH & DC, Chris is back. Hope you enjoy.
Hey Chris, Good luck with your talk tonight at DerbyCon.
Permanent link: [Article]-Social Engineering as a Technical Tool
By Chris Hadnagy
When we speak about social engineering the normal conversation steers away from the technical and more to the psychological. This month we are going to change it up a bit and steer head on into the technical arena for a discussion about penetration testing.
There seems to always be a debate online about pentesting, what it is and what it isn’t. How to do it right, how to do it “real world,” how to do it hardcore and even l33t. But at the end of the day what each and every pentester wants (or should want) is to uncover the holes in the client’s network, so they can be mitigated before the bad guys use those very same holes for malicious purposes.
That desire should drive each “real world” pentester to use every tool – technical or not – at his disposal for the benefit of his clients. This is where our discussion about how to use social engineering as a technical tool or as a tool to get technical details.
Share your thoughts and your own stories,
September 28, 2012 at 7:59 pm #50152 hayabusa Participant
I think Chris makes an excellent point (without specifically saying it), on the often “over-glamourized” uses of social engineering. I mean, sure, you can tailgate, or you can throw a SET-initiated attack at company employee X. Those are both fully valid, and I use them all the time. And if you can, and you get the access and data you need, you’ve done your job. But that’s not always necessary.
As Chris noted, all it takes is gathering enough information to get full access to a database. From there, all bets are off. On one side, it might let me plant some malicious scripts or code in a web-fronted db, and gain a shell on the server. Now I have my pivot, and can go on about my business. Yep, a more ‘glamorous attack’, from a technical perspective, after first carefully gathering some info and getting in. But maybe I don’t even have to go THAT far. Is simply pwning a MAJOR database enough? Depending on the database, and the target, it just might be.
Suffice to say that with a little time and patience, you could reap far greater rewards than trying to waltz in the front door. And if done right, the stealth factor is so much greater as, if you’ve played the cards right, customer X thinks that at least SOME of your database activity is legit, buying you a little extra time to dig in further and leave your backdoors.