In 2019, Test Impersonation Attacks

At SECOM, we perform many forms of social engineering attacks, from phishing to vishing and smishing as well as impersonation. All of these attacks are used regularly by actual attackers and should be tested as part of a robust security assessment in e…

What are the flaws in this security protocol between client and server?

Here is my security protocol for the use of a service provided by server. It utilises a symmetric key:

Client requests to use a service
Server sends back nonce
Client sends back nonce encrypted with Alice’s key
Once server …

Are All Social Engineers Bad?

When you think about what a social engineer does, and how influence and manipulation are used by good and bad SEs, it is easy to think that to be an SE you need to have an evil personality or even have sociopathic tendencies. Is that true, are all social …

Protect Yourself Against Social Engineering in the Age of Cryptocurrency

“Bitcoin,” “Litecoin,” “Ethereum,” and “cryptocurrency” have rapidly become household names, though many households don’t have a firm understanding of the technology behind cryptocurrencies and the …

The Equifax Breach And What You Need To Know

It seems like a day doesn’t go by without another “breach” story in the news. So much so that you might find yourself ignoring them as just another news story. But we urge you NOT to ignore this one. Please. Equifax was breached in May 2017. It looks like hackers used a flaw in Apache Struts. 65% of the Fortune 100 companies use Struts, so this vulnerability was not unique to Equifax. Equifax did not discover the breach until July 2017. Doing the math, the attackers had at least 3 months in their systems. What did they get? Hopefully […]

The post The Equifax Breach And What You Need To Know appeared first on Social-Engineer.Com – Professional Social Engineering Training and Services.


The Homograph Attack

Imagine sitting in front of your computer and, as you’re checking your email, you come across a message advertising a great deal on the Apple iPad. You’ve been wanting to get one so you can give your old one to your child. So, you click the link that goes to https://www.apple.com. Now you check; is it secure? You see the green lock and the https in the URL. Okay, it’s secure. Is it real? https://www.apple.com is what you see in the browser. So, it must be real. If you had looked closer, you would have seen https://www.xn--80ak6aa92e.com/ not […]

The post The Homograph Attack appeared first on Social-Engineer.Com – Professional Social Engineering Training and Services.


Posted in SBN

Natural Disasters and the Social Engineer

In between presidential debates and mass marketing, there are news stories about natural disasters all over the globe. Hurricanes, typhoons, earthquakes, landslides – to name just a few. Many of us have friends or family who live in or travel to these locations, and when we see these news reports we are filled with fear. Even if you have no family there, the loss of human life affects us and we are deeply saddened. Recently, when Hurricane Matthew hit Haiti and the Bahamas, then North Carolina, you probably felt like we did. Watching the number of those who died was upsetting […]

The post Natural Disasters and the Social Engineer appeared first on Social-Engineer.Com – Professional Social Engineering Training and Services.
