We were recently asked to conduct a Social engineering test on an organisation and the customer requested us to covertly film our work which involved accessing their office and planting USB keyloggers and moving unsecured laptops and phones to a designated location. The filming exercise was to see if we were stopped by anyone in the organisation and so they could review the footage and to review their security posture.
I'm interested to hear about other people's views on social engineering and to learn from your experiences …
Cheers
We were recently asked to conduct a Social engineering test on an organisation and the customer requested us to covertly film our work which involved accessing their office and planting USB keyloggers and moving unsecured laptops and phones to a designated location. The filming exercise was to see if we were stopped by anyone in the organisation and so they could review the footage and to review their security posture.
I'm interested to hear about other people's views on social engineering and to learn from your experiences …
Cheers
Make sure you get everything in writting. If you don't you coild be in a world of hurt. Make sure it is very detailed if you are moving euipment and installing keyloggers, be sure it is in the request and make sure your lawyers go over it all before you start.
Its all about recon and balls.
Make sure your information is as solid and as thorough as possible, identify a weakpoint and go in with a plan and knowing what you are are doing. If that means sending one of the team in to scope out the environment then do that.
Without knowing anything about the target I'd say that your best option is IT support personel or a telecomms contractor, once you're through security anyhow…
Don't forget to sign a contract with the legal representative an include a disclaimer.