Home page logo

pen-test logo Penetration Testing mailing list archives

Re: Social Engineering Formal Methodology
From: "CT" <ct () arnet com ar>
Date: Thu, 7 Mar 2002 21:41:57 -0300

Hash: SHA1

A formal methodology for conducting Social Engineering Assessments...
lets see. 
It depends on the intellectual capacity ( speaking and thinking
*during chat* ) on the one that uses this skill...  Is not very
formal and I nor have seen text in where it details perfectly like
applying it, this is implemented on the previus attack or during. 
I have seen an interrogation manual of marine corps... nice but old.
(Desclassified papers)  
Read some books of psychology, magic, charlatans of fair, persons'
manipulation or something like that... ( Varied literature or the
tastes in that the victim is interested. )
S.E can apply to secretaries, technical personnel, personnel of
hierarchy or of the level mas low of the company, drivers, personnel
of cleanliness, relatives, friends, neighbors, enemies and many
persons mas related to the target... a human or a company.
Competition, ancient associates and companions,  barber and other one
that gives him some service too.
Psychology, rhetoric and slang, maybe (sure) is good to learn for
every case and to be able to apply it with intelligence and
calmness... to obtain the necessary data to use in the final assault.

To teach to the personnel of the companies and our friends is a good
Sorry my poor english. Best regards.

- ----- Original Message ----- 
From: "Ilici Ramirez" <ilici_ramirez () yahoo com>
To: <pen-test () securityfocus com>
Sent: Thursday, March 07, 2002 5:08 AM
Subject: Social Engineering Formal Methodology


There are many resources available on the web about
Social Engineering (including NLP - my new hobby) -
you can find them on google very quickly. But most of
them contain "what is SE", some examples and
references to other sites with the same stuff.

Anyway ,as far as my research has gone I could not
find any paper on A FORMAL METHODOLOGY for conducting
Social Engineering Assessments. 

In any audit if you do not follow a methodology you
cannot guarantee for quality of the work.

So, could anybody give us an advice?

Best Regards,
Ilici R

Version: PGPfreeware 7.0.3 for non-commercial use <http://www.pgp.com>


This list is provided by the SecurityFocus Security Intelligence Alert (SIA)
Service. For more information on SecurityFocus' SIA service which
automatically alerts you to the latest security vulnerabilities please see:

  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]