May 9, 2011 at 3:26 pm #6384Don DonzalKeymaster
Mike Murray brings up a topic that will hopefully spark an interesting conversation and lead you into your own research of hypnosis. Then stay tuned for next month’s column where Mr. Murray will give a sort of Hypnosis 101 for Penetration Testers. Should be a fun summer topic!
Permanent link: [Article]-The Failure of Hypnosis in Social Engineering
Column by Mike Murray
I was recently at a conference with a friend of mine who was visiting Vegas for a hypnosis conference, and I was explaining to him the biggest problem with most social engineering “experts.” And, of course, because I had been talking to him about amnesia, I promptly forgot about it.
I was reminded of it when I was reading something that another social engineering expert wrote that linked hypnotic phenomena to the act of social engineering. So, I’ll share the same caveat with all of you: if someone tells you that hypnosis has anything to do with social engineering, they’re a charlatan and you need to be VERY careful believing anything that they’re saying.
This is said, of course, as someone who is formally trained in hypnosis and has spent a lot of years studying it as part of my training to become good at social engineering. But, in the same way that being a great coder doesn’t make you a great penetration tester (and vice versa), being a great hypnotist doesn’t make you a great social engineer (and vice versa).
Let me explain.
Let the conversation begin,
PS – Hope you can see the BSOD on the laptop in the article’s opening image. 8)
May 9, 2011 at 4:36 pm #39702lorddicraniusParticipant
Interesting subject, I look forward to Mike’s follow-up articles!
I never actually put these 2 topics together until I listened to the latest “Skepticality” podcast the other day. Chris Hadnagy (of social-engineer.org and “Social Engineering: The Art of Human Hacking”) was interviewed and the topic of hypnotism was brought up briefly. Chris showed skepticism toward hypnosis, but the host jumped topics and neither elaborated on it much. I don’t know much about hypnosis myself, but it seemed though as Chris had given the two topics some time and analysis before. It’d be great if we could get Chris in on this conversation, too hehe. Two big names in the infosec industry who’ve been concentrating on the social engineering aspect – it could prove to be a great conversation 🙂
P.S. I noticed the BSOD 😉
May 9, 2011 at 6:28 pm #39703mmurrayParticipant
I’d definitely love to hear Chris’s comments on the subject.
May 9, 2011 at 7:26 pm #39704silParticipant
Mike, didn’t you do a talk on this with Anton a while back?
You must be logged in to reply to this topic.