[Article]-Social Engineering as a Technical Tool



User avatar


Posts: 4270

Joined: Sun Aug 28, 2005 10:47 pm

Location: Chicago

Post Fri Sep 28, 2012 1:33 pm

[Article]-Social Engineering as a Technical Tool

After a month off after BH & DC, Chris is back. Hope you enjoy.

Hey Chris, Good luck with your talk tonight at DerbyCon.

Permanent link: [Article]-Social Engineering as a Technical Tool


By Chris Hadnagy

When we speak about social engineering the normal conversation steers away from the technical and more to the psychological.  This month we are going to change it up a bit and steer head on into the technical arena for a discussion about penetration testing.

There seems to always be a debate online about pentesting, what it is and what it isn’t.  How to do it right, how to do it “real world,” how to do it hardcore and even l33t. But at the end of the day what each and every pentester wants (or should want) is to uncover the holes in the clients network, so they can be mitigated before the bad guys use those very same holes for malicious purposes.

That desire should drive each “real world” pentester to use every tool - technical or not - at his disposal for the benefit of his clients.  This is where our discussion about how to use social engineering as a technical tool or as a tool to get technical details.

Share your thoughts and your own stories,


User avatar

Hero Member
Hero Member

Posts: 1718

Joined: Mon Jan 29, 2007 2:59 pm

Post Fri Sep 28, 2012 2:59 pm

Re: [Article]-Social Engineering as a Technical Tool

I think Chris makes an excellent point (without specifically saying it), on the often "over-glamourized" uses of social engineering.  I mean, sure, you can tailgate, or you can throw a SET-initiated attack at company employee X.  Those are both fully valid, and I use them all the time.  And if you can, and you get the access and data you need, you've done your job.  But that's not always necessary. 

As Chris noted, all it takes is gathering enough information to get full access to a database.  From there, all bets are off.  On one side, it might let me plant some malicious scripts or code in a web-fronted db, and gain a shell on the server.  Now I have my pivot, and can go on about my business.  Yep, a more 'glamorous attack', from a technical perspective, after first carefully gathering some info and getting in.  But maybe I don't even have to go THAT far.  Is simply pwning a MAJOR database enough?  Depending on the database, and the target, it just might be.

Suffice to say that with a little time and patience, you could reap far greater rewards than trying to waltz in the front door.  And if done right, the stealth factor is so much greater as, if you've played the cards right, customer X thinks that at least SOME of your database activity is legit, buying you a little extra time to dig in further and leave your backdoors.
~ hayabusa ~ 

"All men can see these tactics whereby I conquer,
but what none can see is the strategy out of which victory is evolved."
- Sun Tzu, 'The Art of War'

OSCE, OSCP (Former - GPEN, C|EH - both expiring / expired)

Return to Hadnagy

Who is online

Users browsing this forum: No registered users and 1 guest

Powered by phpBB® Forum Software © phpBB Group.
Designed by ST Software