mailing list archives
Social Engineering - information disclosing by phone
From: "Taras P. Ivashchenko" <naplanetu () gmail com>
Date: Wed, 24 Dec 2008 23:34:33 +0300
What do you thing about such step of pentest as information disclosing by phone?
Yes, of course everybody watched "Hackers" with Jolie and Miller and remember moment
when when some security officer told number of modem by telephone.
But it's cinema and what about real life?
In Penetration Testing Framework  we can read:
"Hi, it's Zoe from the helpdesk. I am doing a security audit of the network
and I need to re-synchronise the Active Directory usernames and passwords.
This is so that your logon process in the morning receives no undue delays"
If you are calling from a mobile number, explain that the helpdesk has been
issued a mobile phone for 'on call' personnel.
- Phone number
- Room number
 http://www.vulnerabilityassessment.co.uk/Penetration Test.html
What in your opinion we can take (in pentest) from such method of S.E.?
Does anybody knows Mitnick here? Please, call him =)
Тарас Иващенко (Taras Ivashchenko), OSCP
"Software is like sex: it's better when it's free." - Linus Torvalds
- Social Engineering - information disclosing by phone Taras P. Ivashchenko (Dec 25)