Hi, i'll delve right into this topic and hope it'll make up for my absence recently, but I have a lot on my plate. I'll bring up a topic of mine which you know is dear to me. Social-engineering.
I've seen people online saying social-engineering is something you become, and that you can become an actual social-engineer. As true as that is to an extent, I wouldn't necessarily say it's something you become, because if you ask me, i'll tell you right now that many people already possess this set of skills, they just don't know of it's presence, because they dont see it as an exploitation method.
Because, in our daily lives, there are things we don't want to do (no surprise) and we want a way out of it. It could be anything as an extra shift, a boring dinner, a reunion perahps and so on. So how would one refrain from attending these events? A 'im sick I cant come... sorry* or, "My friend is going into labour" A little over the top, but you know whatever works.
Those are already perfect examples of social-engineering. People realize that in order to achieve their desired result, they need to figure out what the person they need to persuade is 'vulnerable' to. (To put it bluntly). I mean, if you texted your friend, "Hey I dont want to go to this boring wedding or dinner, you can just go alone" He would probably respond back with agitation.
So we avoid that with an excuse. This is where I think social-engineering becomes very relevant and interesting, because we as humans realize that people are vulnerable to certain things and topics, and we therefore use those to skip unwanted events.
Analyzing your 'target'
When we want to obtain credentials from our target, we need to persuade them. And what do we need to establish in order to persuade them? Trust. This is the core of exploiting people using social-engineering. Social-engineering is built upon human interaction, and that relies upon trust because people wont believe what you tell them if they dont have a certain amount of trust to you.
Call me crazy, but I think it is very important to know your victim when exploiting them. Knowing their values, morals, what they like and dont like in terms of food, sports, tv shows, literally everything. The more you know all of these things, you literally have an insight to their entire life. Thereby being able to know exactly what to say, in what context to say, and maybe even saying it in a certain way to convey your message stronger.
I hope you can follow along, because its very fascinating.
This concept of human exploitation really comes down to how we as humans are thinking and perceive things. Imagine if humans weren't easily fooled. A good example of that would be magic. A magicians mission is to make you believe something, and he/she does that by showing your eyes one thing, when in reality the trick is going on elsewhere.
Imagine if we as humans needed further proof to these magic tricks. I mean, we all know it's a hoax, but yet we leave these shows feeling convinced in a way, because we saw it with our own eyes right in front of us, heck yo might even have been up there to help with the trick.
So, in order to exploit your victim, you should know literally as much about them as possible. What hobbies they have, sports preferences, favourite tv shows. All of these factors are things you can use in your convincing argument, and with the right context and use of words you'll seem convincing.
It's really a big topic, and i'll definitely be doing more articles on this topic. For the upcoming articles i'll be jumping to some anonymity, one of my also dear topics.