
Human Hacking - Social Engineering -- Building Trust Through Mistrust

This article illustrates social engineering and some of the tactics it uses, to prepare you to learn and understand social and reverse engineering. The rest of these examples take a broader look at social engineering and the different ways it can be executed, from face-to-face encounters all the way to the internet and phone conversations.

Human Hacking - Phone Based Social Engineering

This article describes different styles in which social engineering via phone may be executed against a help desk. Information from initial information-gathering searches may also give you, the attacker or tester, something to leverage in order to gain access to internal networks for further penetration.

Human Hacking - Instant Message Social Engineering

A brief look into social engineering and how it's performed against an unsuspecting computer user. This attempt was taken from a real conversation on a dating web site, sometime back in 2009 / 2010. It also provides a reverse tactic for obtaining the scammer's information. Please note that some instant messenger services are defunct (AOL, etc.). The same approach can be moved into the realm of FB and other social networks where direct messaging is available!

Human Hacking - E-mail Spoofing & Social Engineering

A few common ways attackers attempt to gain trust, or to force a user into clicking on a link or trusting an e-mail from the internet. Other attacks will be added to this series as well, such as social engineering campaigns.

Human Hacking - Person-to-Person Social Engineering

This article provides a quick rundown of what to expect, and what you should do, while attempting to social engineer an individual face-to-face during an attack or penetration test.

Human Hacking - Job Interview Social Engineering

This document outlines information about the process of social engineering on the job, or targeting a company during the hiring process.

Job Interview Social Engineering

 

When a target corporation is in the process of hiring new candidates for a job in information technology and information security, an attacker can view this as an opportunity to launch a social engineering attack. Although the attack will be viewed as benign, an attacker can glean more information from a single interview process than over a phone.

 

This type of social engineering works as follows: once you are on the grounds of the corporation, you can inquire about the information technology and/or the devices that are in use. Eager interviewers will jump at the opportunity to demonstrate and detail which technologies are in use at the corporation, to see whether you have the skill set and level to operate in their environment. You ask questions about which technologies are utilized most, or which new emerging technologies a candidate would need to be proficient with. This could, in many instances, give the attacker the gathered information, tools, exploits and additional criteria needed to launch an attack.

 

Something as benign as a hiring process can yield so much information that it, too, can put the corporation at risk. Many times, landing a job within the company will allow the attacker to enter undetected, thus allowing him or her to attack from within the networks.

 

Job interviewers and corporations need to understand the risks that revolve around the hiring process. Seek candidates who state their knowledge on their resumes first. Then ask which technologies they are apt at using and which they would like to work with. Never divulge the criteria for what the company actually needs. Considering that there is no solid method to protect against this, job sites such as Monster, HotJobs, etc. will allow an attacker to build a profile of a target and seek to exploit those core technologies without wasting much time.

 

Human Hacking - Social Networking Surveys & Surveying The Scene

An introduction and look into creating social networking surveys to extrapolate and pilfer information from unsuspecting users in order to obtain security questions, personal information, and in turn use this information to hack the individual through forgotten web forms, or social engineering.

Human Hacking - Road Apples

A brief introduction to what a road apple is, and how you can create custom road apples.

Human Hacking - The Wonderful World of FedEX Kinkos

This document describes how you can utilize services such as Staples and FedEx Kinkos in order to create a professional presence for social and reverse engineering.