[Nulled] » Information security » Social Engineering » Social Engineering ​💬 true story...
January 20 2023

Social Engineering ​💬 true story...

Social Engineering
​💬 true story...

• Today I want to share with you an interesting story from a #Red_Team specialist from IBM. The text is quite long, but interesting. Let's go..

• A large New York investment company, one of the first hundred largest companies in the world, hired us as a Red Team team. The slow and low style was chosen, that is, we had six months for all the work. This does not mean that the pentest will be held every day for six months, it means that during these six months we were going to do separate approaches. After compromising the goal, we would build a timeline and use it to find out how the Blue Team reacted during this time.

• Only the company's management knew about what was being tested. As for scope, it was possible to test any networks, engage in physical penetration — anything. In the early stages, my team decided to do a little reconnaissance and try to get into the head office. They even found backpacks with the logo of this company in an online store to look more like employees.

• And they also took with them a device capable of disrupting the operation of the badge reader, and made fake badges. According to their theory, on Monday morning, most likely, it would be enough to disable the reader, and then show the badge so that you would be allowed to pass (the guards would not dare to close the passage to the building). They were right and easily climbed to the floor occupied by the company's management.

• On the way to the office, they bought a box of donuts. What for? The fact is that people tend to trust those who bring gifts. They put a box of donuts outside the room where the meeting was taking place, went inside and announced: "Sorry for the inconvenience! This is an urgent IT audit, you have to leave the premises! You can take a doughnut out of the box as compensation at the exit." As a result, everyone left and no one reported the incident.

• The first thing the team did when they got inside was to connect to the local network and attack the reservation system of the meeting room. All entries for the next week have been moved to another time. This added credibility: everyone saw that their meetings had been moved to another floor, and decided that these guys were definitely their own, since they were doing something like that.

• The next step they attacked the badge scanner, and on the second day they already had real badges. While they were doing this, they found a bunch of data on the SharePoint server, including administrative account data from the SWIFT money transfer system. He gave the opportunity to dispose of about 30 billion dollars.

• Usually, when we work in slow and low mode, we wait for the end of the period to find out if the client has detected suspicious activity, but if we manage to find a critical problem, we have to stop and announce it.

• By the end of the week, I called the CIO of this company and said that I would like to meet. "How about a meeting room on the top floor of the New York office?" I asked. To which he replied to me that he would be glad, but there is an IT audit going on, and it is not available!

💬 I hope you liked this story, if so, then you can find educational material on social engineering and other topics by the corresponding hashtags: #SI #Pentest #Hacking. Your S.E.

Information

Visitors who are in the group Guests they can't download files.
Log in to the site under your login and password or if you are a new user go through the process registrations on the website.

Comments:

This publication has no comments yet. You can be the first!

Information the publication:

  • Author of the publication: web3
  • Date of publication: 20 January 2023 13:11
  • Publication category(s): Information security»,Social Engineering
  • Number of views of the publication: 177
  • Number of comments to the publication: 0

Related News

20 January 2023
Social Engineering
💬 true story from Group

💬 true story from Group IB. Social Engineering. • Today I have prepared for you another and interesting story from

Read more
20 January 2023
Social Engineering
💬 true story... Social

💬 true story... Social Engineering. • Today we are talking about social engineering, namely the hacking of the

Read more
20 January 2023
Social Engineering
💬 true story from Group

💬 true story from Group IB. Social Engineering. The main component of phishing is that this method of attack

Read more
20 January 2023
Social Engineering
💬 true story... Social

💬 true story... Social Engineering. The question is not "Will you be hacked or not?", but "How

Read more
20 January 2023
Social Engineering
💬 true story... Attack

💬 true story... Attack of the century. How to cheat Google and Facebook for hundreds of millions of dollars with

Read more

Information

Users of 🆅🅸🆂🅸🆃🅾🆁 are not allowed to comment this publication.

Site Search

Site Menu


☑ Websites Scripts

Calendar

«    December 2024    »
MonTueWedThuFriSatSun
 1
2345678
9101112131415
16171819202122
23242526272829
3031 

Advertisement

Survey on the website

Evaluate the work of the site
 

Statistics

  • +38 Total articles 6747
  • +18 Comments 4132
  • +26 Users : 5932