SiegeCast: Practical People Hacking

By Red Siege | April 25, 2022

 

Introduction:

In an enlightening conversation, Security Consultant Jason Downey and Senior Security Consultant Cory Overstreet delved into the intricate world of social engineering, focusing on phishing, vishing, and physical penetration testing. Their expert insights offer a comprehensive guide to understanding and executing effective security assessments in today’s digital landscape.

Phishing Techniques: A Deep Dive

Jason and Cory categorize phishing into “low and slow” (red team style) and “pure phishing,” emphasizing the importance of tailoring attacks to test employee vigilance and system robustness. They share invaluable tips on:

  • Target Identification: Utilizing open-source intelligence to craft email lists.
  • Pretext Crafting: Leveraging company news, social media, and local events to create convincing scenarios.
  • Execution and Evasion: Discussing tools like Evilginx2 for credential capture and highlighting the significance of creating a sense of urgency.

Vishing: The Art of Voice Phishing

Cory shares his prowess in vishing, outlining strategies to extract information over the phone. He emphasizes the importance of pretext development, relying on detailed company research and employee profiling. Cory’s anecdotes illustrate the effectiveness of playing both knowledgeable and naive roles to gain trust and access.

Physical Penetration Testing: Breaching Real-World Defenses

The duo explores physical security assessments, emphasizing pre-engagement reconnaissance using Google Maps and social media. They discuss impersonation tactics, the importance of blending in, and the use of devices like the Rubber Ducky for payload execution. Their stories from the field underscore the creativity and adaptability required in successful physical penetration testing.

Ethical Considerations and Client Value

Jason and Cory touch on the ethical boundaries of social engineering, avoiding pretexts that might cause undue stress or harm. They stress the importance of providing tangible value to clients through detailed reporting and actionable insights, ensuring that engagements lead to stronger security postures.

Conclusion: Mastering People Hacking

Through their engaging discussion, Jason and Cory not only shed light on the technical intricacies of social engineering but also highlight the human element crucial in both executing and defending against these threats. Their experiences serve as a testament to the ongoing cat-and-mouse game between security professionals and potential adversaries.

Learn More

For organizations looking to fortify their defenses, understanding the nuances of social engineering is paramount. Engaging with seasoned consultants like those at Red Siege can provide not just insights but also practical strategies to enhance security measures against the ever-evolving landscape of digital threats. You can always contact us, or reach out on our social media. If you’re looking to dive deeper, have questions, or just want to connect with fellow cybersecurity enthusiasts, join us on our Discord.

 
