Social Engineering – The Basic Recipe

One of the recurring questions I get from people is how I choose my targets when I do a social engineering attack.

It is a very good question, because it shows that the student understands the difference between a generic attack against a compiled list and going after specific people.

The Attack Steps

Before we go any further, it should be said that there are two approaches: one is an opportunistic approach and the other is a structured process. If you choose to have a social engineering pentest, I would ask the pentester to do both.

Opportunistic approach

In the opportunistic approach, the attack is unprepared. The penetration tester comes in, makes an on-the-spot evaluation of what is there, and goes to work.

A lot of people discount these attacks, but I would caution you against doing so, since there have been a lot of successes. Check out Jason E. Street's videos on YouTube if you want to understand it better.

Do not think this doesn’t require skill. It means the penetration tester has a fair understanding of how businesses work, how buildings work, and how people work, and knows when it is time to improvise.

The process-based approach

The structured approach is different in the sense that you have a kill chain, like the Lockheed Martin Kill Chain, but dedicated to social engineering. The basic process comes down to:

  1. The OSINT Process
  2. The target selection
  3. Profiling the target
  4. Target specific OSINT
  5. The attack preparation
  6. The attack execution

This takes a lot more time to execute, but it is a process, and thus in theory it can be repeated. I say in theory because every interaction will change the target, and there is no way to get a target back to the state he or she was in when you were performing your attack.

In the next post I will be diving into the different individual steps of the process.