-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 A formal methodology for conducting Social Engineering Assessments... lets see. It depends on the intellectual capacity ( speaking and thinking *during chat* ) on the one that uses this skill... Is not very formal and I nor have seen text in where it details perfectly like applying it, this is implemented on the previus attack or during. I have seen an interrogation manual of marine corps... nice but old. (Desclassified papers) Read some books of psychology, magic, charlatans of fair, persons' manipulation or something like that... ( Varied literature or the tastes in that the victim is interested. ) S.E can apply to secretaries, technical personnel, personnel of hierarchy or of the level mas low of the company, drivers, personnel of cleanliness, relatives, friends, neighbors, enemies and many persons mas related to the target... a human or a company. Competition, ancient associates and companions, barber and other one that gives him some service too. Psychology, rhetoric and slang, maybe (sure) is good to learn for every case and to be able to apply it with intelligence and calmness... to obtain the necessary data to use in the final assault. CT www.heinekenteam.com To teach to the personnel of the companies and our friends is a good beginning. Sorry my poor english. Best regards. - ----- Original Message ----- From: "Ilici Ramirez" <ilici_ramirezat_private> To: <pen-testat_private> Sent: Thursday, March 07, 2002 5:08 AM Subject: Social Engineering Formal Methodology > > Hi, > > There are many resources available on the web about > Social Engineering (including NLP - my new hobby) - > you can find them on google very quickly. But most of > them contain "what is SE", some examples and > references to other sites with the same stuff. > > Anyway ,as far as my research has gone I could not > find any paper on A FORMAL METHODOLOGY for conducting > Social Engineering Assessments. > > In any audit if you do not follow a methodology you > cannot guarantee for quality of the work. > > So, could anybody give us an advice? > > Best Regards, > Ilici R -----BEGIN PGP SIGNATURE----- Version: PGPfreeware 7.0.3 for non-commercial use <http://www.pgp.com> iQA/AwUBPIgI0vu26CT57WQrEQLuiwCbBFuUIzulaQLNwmRwfJi22wsdbmkAn1w6 2D3UvprIJe6HDBy0W/Frs53r =Hd0d -----END PGP SIGNATURE----- ---------------------------------------------------------------------------- This list is provided by the SecurityFocus Security Intelligence Alert (SIA) Service. For more information on SecurityFocus' SIA service which automatically alerts you to the latest security vulnerabilities please see: https://alerts.securityfocus.com/
This archive was generated by hypermail 2b30 : Fri Mar 08 2002 - 10:22:12 PST