Social Engineering Target specific OSINT

In a previous blog post I told you about the two approaches for social engineering attacks. The structured approach has the following steps.

  1. The OSINT Process
  2. The target selection
  3. Profiling the target
  4. Target specific OSINT
  5. The attack preparation
  6. The attack execution

Today we dive deeper into target specific OSINT.

DISC as starting point

In our previous post we learned how to determine the DISC profile of a person. This will be our starting point for doing OSINT against this person.

The basic idea is that we look at this person and see how we can use the information we find as common ground. With this common ground, and an understanding of how this person can be approached, we can start developing the seeds for our approach vectors.

For example, we have a target that is an “S”-profile and a target that is an “I”-profile. When we analyze their individual Facebook profiles we learn that they are both into collecting beer glasses.

When you approach the “I” with the beer glass as common ground, you will need to do it in a very different way than with the “S”. They share the same common ground, but require a different approach. The approach to the “I” will involve human contact, whereas the approach to the “S” can, for example, be digital.

Finding OSINT information

The difference between this OSINT and the one in the previous blog post is that this time the focus is on the human target instead of on the organization. You can’t learn OSINT from a blog post, but I can recommend that you have a look at the following resources:

Doing OSINT research is not a matter of tools, just like hacking isn’t a matter of tools. It is the tools in the hands of a person who has a specific use for them that will make the OSINT research a success or not.

You can start out with a training course or a book, but it is important to understand that neither I nor anybody else on this planet can give you a technique with a 100% guaranteed result.

Next time we will dive into our attack preparation.


