dalepearson

Hey @venom77 one of the other old skool people makes a return 🙂

if you are looking to simulate real world threats, then SE should certainly be a component of that threat simulation.

There is risk involved of course.
However the realities are that not many companies are good at Physical Security.
If you have these concerns I would have some additional clauses in the engagement contract to cover the event of your own personal damage.

It doesnt stop it happening granted, but it gives you some insurance.

Depending on your definition of Social Engineering you can do it full time, however in my experience you will have other skillsets to leverage also.

There are no specific certifications for SE, however there are some workshops at conferences that talk about social engineering, and red team engagements that would be of benefit.

My suggestion is…[Read more]

I have not been to Source, so cant comment.
However I did go to BruCon last year and it really was an awesome conference.
I am also talking at BruCon this year, so of course I will plug that 🙂

I think what ever one you decide to attend will be money well spent, and you will have a great time.

Dale

Congratulations on passing mate, its a tough exam.

Red Bull and cake kept me going through mine 🙂

Thanks for posting this Chris, much appreciated.

It certainly is an excellent conference.

See those who can make it there 🙂

The_Eccentric,

Its a nice post mate, well done and thanks for sharing.
I will also add that an SE attack can also be a good way of helping a company really understand its critical systems and valuable assets, as the perspective is different.

Late to the party but I will still put my 2p in.

The EnCe book is the only official Encase book on the market. I did all my study with guidance software and the courses where very good, and the training material and handout was excellent. I think Encase is a good product, and its alot cheapee tha FTK.

You can contact Guidance and they will send…[Read more]

Chris where abouts are you based?

If your interested in Social Engineering, and some of the skills that can make you a better Social Engineer, I would like to plug my new site Head Hacker.

Its still early days, but I believe there is already some good content, and I am getting alot of good feedback. Please check it out, and feel free to email me feedback and content…[Read more]

WPA with AES is still pretty good, WPA with TKIP has issues 🙂
WPA2 is the current best offerings.

As with all things, if you use a simple password, its going to be popable by a decent wordlist.

Cracking WPA is based on the SSID and the password / passphrase. The best thing about WPA cracking is you grab the handshake and away you go, not like…[Read more]

Personally I have a couple of Linksys USBBT100’s. One is standard, and another I have adapted so I can use an external antenna.

Be interested to hear from anyone on this, and what MIFI device they are using.

I have been considering getting a MIFI device of some sort in the future when I change phones.

Look forward to the info.

Ketchup, I do believe your right this is Bluetooth.

So if you simply want to scan and detect Bluetooth devices this can be easily achieved with an bluetooth enabled device. The simple bluetooth tools on a bluetooth enabled PC will scan and find other devices.

If you want to do something once you have found them, then the fun can begin.

Check…[Read more]