Re: Social Engineering Formal Methodology

From: Todd Willey (aliver_vilerealat_private)
Date: Fri Mar 08 2002 - 07:20:11 PST

Next message: Will Wilkinson: "Re: Social Engineering Formal Methodology"

Previous message: Olivier Busolini: "Modem detection in a LAN"
In reply to: Ilici Ramirez: "Social Engineering Formal Methodology"
Next in thread: Will Wilkinson: "Re: Social Engineering Formal Methodology"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

The reason there are no formal rules for social
engineering is becuase it is all dynamic and dependant
on the situation and the contact.  You tell people
what they need to hear to give you vital information. 
It is improvised, not scripted.  Some things that my
be helpfull though:

-Write down the contact's name and their department,
you can keep this contact for further information
gathering later.
-Keep refering to them by first name (common name) on
the phone, this will sometimes build up an informal
environment in which they are comfortable giving you
information.
-Don't be afraid to ask for a supervisor if things
aren't going your way, go all the way to the top if
you have to, but don't back down.
-Also, if you are not doing this from a business
environment, you can try to create an office type
dialog to seem more professional.  Have a "secretary"
call, get the contact on the phone, and then transfer
the contact to your office.  If you have a secretary
making your calls, you must be doing something right,
or so they would assume.

These are not garaunteed to work.  In some situations
you are just as likely to gather information as a
concerned consumer or a student.  There is no set
method, and there cannot ever be a set method, you
just have to act.

todd[1]


--- Ilici Ramirez <ilici_ramirezat_private> wrote:
> 
> Hi,
> 
> There are many resources available on the web about
> Social Engineering (including NLP - my new hobby) -
> you can find them on google very quickly. But most
> of
> them contain "what is SE", some examples and
> references to other sites with the same stuff.
> 
> Anyway ,as far as my research has gone I could not
> find any paper on A FORMAL METHODOLOGY for
> conducting
> Social Engineering Assessments. 
> 
> In any audit if you do not follow a methodology you
> cannot guarantee for quality of the work.
> 
> So, could anybody give us an advice?
> 
> Best Regards,
> Ilici R


__________________________________________________
Do You Yahoo!?
Try FREE Yahoo! Mail - the world's greatest free email!
http://mail.yahoo.com/

----------------------------------------------------------------------------
This list is provided by the SecurityFocus Security Intelligence Alert (SIA)
Service. For more information on SecurityFocus' SIA service which
automatically alerts you to the latest security vulnerabilities please see:
https://alerts.securityfocus.com/

Next message: Will Wilkinson: "Re: Social Engineering Formal Methodology"
Previous message: Olivier Busolini: "Modem detection in a LAN"
In reply to: Ilici Ramirez: "Social Engineering Formal Methodology"
Next in thread: Will Wilkinson: "Re: Social Engineering Formal Methodology"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

This archive was generated by hypermail 2b30 : Fri Mar 08 2002 - 10:35:27 PST