✨ New SE & AI Research ✨
Recently I performed a research project comparing the effectiveness of phishing emails: one crafted by humans, another by advanced AI.
Who do you think would get more clicks?
Blog:
🧵
Summertime Phishing Idea Thread
New Dress Code Policy - Please see the attached file for examples of what IS and ISN'T appropriate dress attire for this summer in the office.
I SAID YES ❤️❤️❤️ to the helpdesk support agent who asked if I needed help resetting my password without verifying me.
Friendly reminder to make your google docs stuff private.
Until then I'll keep looking at your resumes which includes PII and other info I can use for spear phishing...
site: resume -template $name
USB Drop file names - Holiday edition
Holiday Bonus Structure
Q4 Bonuses
Q1 Employee Termination List (so it's not [emoji] but v juicy)
$companyName Christmas Party Guests Appearance
Employee Holiday Gift Receipts
Vishing today and the cat creeped into my office...
Cat: MEOOOOOOOOW
Me: 😬😳
Target: Ah, working from home today?
Me: Yup, on Mondays... since I have you - do you mind helping me connect to the VPN? I've been having some issues.
Target: Sure thing
Thanks, cat?
On my last physical assessment, I asked an employee to "print off a file" from my USB flash drive, and ended up teaching them how to find the USB port on their PC and open files off the USB... see, I am helpful.
A monster, but a helpful one.
When I first got into infosec I had people who told me that no one would ever hire me, as a dedicated social engineer.
I took that (wrong) advice to prove to them that I could.
Don't ever let anyone else dictate what you can or can't do.
Hey, @HiltonHotels I understand your reason for disregarding the DND sign on my door after 24 hours. But at least require your staff to knock before bursting in. Having a man force open my door unannounced as a single traveler is terrifying! My heart is still racing.
If you have a Bitly link, let's use for example... but you don't want to click it, add a + to the end of the link to get more information like when it was created AND the full URL of where it leads to:
I've seen a number of friends looking for employment and others posting job openings lately.
Use this thread to post jobs you're looking/hiring for below ⬇️⬇️⬇️
God, I love my job. Especially explaining what I do to the other soccer moms. Can you imagine their conversation later with their SO?
Soccer Mom: She just... breaks into buildings
SO: That's called a criminal, honey
SM: No, she gets paid to do it
SO: Again, criminal
How about some Twitter #OSINT tools? This thread I'll show a few of my favorites. However, like most Social Media OSINT tools they tend to come and go.
🧵
Most girls when cleaning out their purse...
Lipstick
Hair pony
Chapstick
Target receipts
Me cleaning out my purse...
Lipstick
Lockpicks
27 badges
Lockpicks
I imagine if I ever did a physical security assessment with @TinkerSec you'd probably hear me say things like:
"Tinker we can't kick down doors"
"Tinker go put the DC server back, theft isn't in scope"
"Tinker that one is my wig, go get your own"
"Tinker use your inside voice"
#SocialEngineering ProTip
When Vishing add background noise to give credibility to your pretext, or to add a sense of urgency!
Airport
Train station
Busy city
Office building
In recovery from surgery and on a walk I made the nurse a bet for two jello cups that I knew the code to their Simplex locks. Guess who has two jellos?
Client: we want this test to be as real world as possible
Me: awesome, I found x, y, and z info during osint, I'm going to create a phishing campaign around it
Client: uh, let's not... that will work too well
Me: ....
My little just asked me "mom, what if one of Santa's first stops is at someone's house who has the coronavirus then he spreads it at every house he stops at afterwards?"
My 16yo attended @defcon for the first time this year
I asked him what he thought about it, he said "everyone I talked to was so cool and open to talking to me or teaching me things"
🥰
This community is pretty small. Everyone knows everyone, and everyone talks. Kinda scary how a rumor can completely blacklist someone.
Here's your friendly reminder that there are three sides to every story and to never take information at face value.
The hairs on my arm stood up as she said the words that I had been craving to hear "Welcome to Starbucks, anything pumpkin I can get you today?"
I un-bit my bottom lip, let out a long sigh of relief, and responded "Yes... yes, please"
No matter how old I am my mom always worries about me, especially when I travel.
I find it adorable, yet ironic, when she asks me things like "Did you break into the building, sweetie? And did you make it back to your hotel room safely?"
You ever read someone's shit and see through how much they have no idea what they are talking about?
But people buy into it because they have a fancy title
My grandpa passed away right before Christmas.
He left a message to myself, siblings, and cousins. The message was around amore. He explained how no one was perfect but he hoped we'd always love one another.
I don't have a resolution for 2020, I hope to focus on loving more.
It's officially over.
Multiple students successfully gained unauthorized access and two were able to complete the objective. I love the tenacity my students have!
Very thankful for our client who allowed the students to test their physical security and staff.
#FSSE students just got assigned a real physical assessment. They met with the client to scope the engagement and have 24 hours to achieve their objective
Halloween Phishing Ideas
Office Halloween potluck. Please view the attached flyer to see what you've been assigned to bring.
$company Halloween costume dress code. Picture examples of what is and isn't acceptable.
Halloween party volunteers needed. Signup now!