Social Engineering Attack Preparation
In a previous blog post I told you about the two approaches for social engineering attacks. The structured approach has the following steps.
- The OSINT Process
- The target selection
- Profiling the target
- Target specific OSINT
- The attack preparation
- The attack execution
Today we dive deeper into attack preparation.
The D20 entropy device
Attack preparation is a dry run of your attack. Before we can do that, I recommend you invest in a D20 (which can be found in your local board game shop).
The D20 is a die with 20 faces and is thus an entropy device. This is important because we will need to generate a lot of entropy. I use a die because it doesn’t need batteries and I can take it with me anywhere. I chose a D20 because I like it. You could use a coin flip too, but it sounds cooler to say you use a D20 entropy device.
The Dry-run Rules
To test your dry run, you start with a testing scenario in which you have no contact, and you take an action to establish contact.
For example: “I call the person”
Next you roll the D20: any value between 11 and 20 means success and everything under 11 is failure. Let’s say we roll a 5. That means it was a failure and I will need to contact the same victim in a different way.
What you are actually doing is defining a set of states so that you can determine a critical-path-like schema for successfully social engineering your target. The idea is to increase your chances of success, but it will not guarantee it.
This gives us the ability to come up with pretexts that are plausible. It is very important not to take this too far.
Human brains are pattern machines: they look for patterns, and when information is missing we fill it in ourselves. Good examples are that we assume the picture on the desk is a picture of family and that the hottest girl/guy in the club is seeing somebody.
In our final blog post in this series we will go into attack execution.