January 20 2023

Social Engineering ​💬 true story...


• Today I want to share with you an interesting story from a #Red_Team specialist from IBM. The text is quite long, but interesting. Let's go.

• A large New York investment company, one of the hundred largest companies in the world, hired us as a Red Team. The slow and low style was chosen, that is, we had six months for all the work. This does not mean that the pentest would be held every day for six months; it means that during these six months we were going to make separate approaches. After compromising the target, we would build a timeline and use it to find out how the Blue Team reacted during this time.

• Only the company's management knew about what was being tested. As for scope, it was possible to test any networks, engage in physical penetration — anything. In the early stages, my team decided to do a little reconnaissance and try to get into the head office. They even found backpacks with the logo of this company in an online store to look more like employees.

• And they also took with them a device capable of disrupting the operation of the badge reader, and made fake badges. According to their theory, on Monday morning, most likely, it would be enough to disable the reader, and then show the badge so that you would be allowed to pass (the guards would not dare to close the passage to the building). They were right and easily climbed to the floor occupied by the company's management.

• On the way to the office, they bought a box of donuts. What for? The fact is that people tend to trust those who bring gifts. They put a box of donuts outside the room where the meeting was taking place, went inside and announced: "Sorry for the inconvenience! This is an urgent IT audit, you have to leave the premises! You can take a doughnut out of the box as compensation at the exit." As a result, everyone left and no one reported the incident.

• The first thing the team did when they got inside was to connect to the local network and attack the reservation system of the meeting room. All entries for the next week were moved to another time. This added credibility: everyone saw that their meetings had been moved to another floor, and decided that these guys were definitely their own, since they were doing something like that.

• As the next step, they attacked the badge scanner, and on the second day they already had real badges. While they were doing this, they found a bunch of data on the SharePoint server, including administrative account data from the SWIFT money transfer system. This gave the opportunity to dispose of about 30 billion dollars.

• Usually, when we work in slow and low mode, we wait for the end of the period to find out if the client has detected suspicious activity, but if we manage to find a critical problem, we have to stop and announce it.

• By the end of the week, I called the CIO of this company and said that I would like to meet. "How about a meeting room on the top floor of the New York office?" I asked. He replied that he would be glad to, but there was an IT audit going on, and the room was not available!

💬 I hope you liked this story. If so, you can find educational material on social engineering and other topics under the corresponding hashtags: #SI #Pentest #Hacking. Your S.E.


Information about the publication:

  • Author of the publication: web3
  • Date of publication: 20 January 2023 13:11
  • Publication category(s): Information security / Social Engineering
