Elicitation Guide?


#1

I'm an extremely extroverted person. I love people, to the point I have full-blown conversations with people inside a store, or gas station, as if we have been friends for years. I don't really have that much of a knowledge base about exploits, or full-on pentesting…YET!

I am still learning, but I know that in a lot of “hypothetical situations” I can rely on my social skills heavily to do a lot of the work. One of my white hat friends is always amazed at how much workload I could possibly save just by being a people person.

I have read hundreds of books, watched plenty of lectures, and practiced many techniques revolving around reading people's body language, judging tone of voice to feelings, and using my ability to gain someone's trust in 5 minutes or less. I recently have found myself going into hotels, businesses, etc…etc… to see how long I can blend in before anyone notices. You would be surprised how many people don't care to ask who this person in a button-up and tie, walking around with an iPad, is.

There is just something so clandestine about it, as if I was living in a spy film, that drives me to do it. I won't do anything crazy and go into government buildings, or do any damage. However, it is amazing how fast you can sharpen your social skills by just pretending, either in person or over the phone.

My tech skills are not up to par with most in this awesome community…but my social skills are definitely a strong suit worth sharing. It's one of the few things I can try to contribute to the community for the time being.

So my question is, would there be anyone interested in a guide to “Pretending”?

If so let me know below, and include certain topics, or situations you would like me to include.


#2

After posting this I saw that @n3xUs has already made a guide to this, so I will try and include some things that differ from his, or put my own take on it. But if this is something you are really looking for, I recommend his super in-depth guide.

N3xUs Social Engineering Guide - Social Engineering - Part 2 - Elicitation


(Not a N00b, but still learning) #3

Would be very interesting if you write about your techniques! Looking forward to it :slight_smile:


#4

Thanks man! Will get started in a few days!


(Security Architect & Founder) #5

This would be really good. I have recently seen ‘Catch me if you can’, and that is a lovely portrayal of social engineering.

I can social engineer over the phone fairly well, although I struggle to fake my physical body language. It would be cool if you would discuss some exercises one could do in order to improve their social engineering stance? SE is so important for a successful pentest.

Looking forward to it.

- pry0cc


(oaktree) #6

Oh! This is also probably good for those of us computer people that can be really awkward! <---- me


([email protected] [email protected]) #7

I agree! I’m the opposite though. It’s difficult for me to SE over the phone but in person it’s a lot easier. There honestly is something surreal about it all.

@Bugsy I would absolutely love to see you do a guide and point out some helpful tips for us!!


#8

Would definitely be appreciated if you @Bugsy make a somewhat tutorial-like/explanatory more elaborate post about all that.

Social engineering is IMHO still not recognised enough or taken seriously as a threat.
If you’re good at this you can amass so much private/sensitive information about a person…


(Security Architect & Founder) #9

The thing that works for me on the phone, and might help you, is that you can hang up at any time. I can quit if it goes wrong. In person that can be much more difficult to eject.


(Security Architect & Founder) #10

I actually read this book and it was very insightful.

@Bugsy you may want to link to this in your next article!


(Not a N00b, but still learning) #11

I can also totally recommend this book. I bought it some time ago and it is great.


#12

OMG guys! I am so happy that there is a lot of interest in this! I am super excited to get working on this! Thank you all for your suggestions! I will get started ASAP, just been busy going through the Vault 7 leaks.

Things I am wanting to include

  • Basic Conversational Skills
  • Fun Exercises
  • How to read a person's emotion
  • Reading body language (truths, lies, skepticism, trust)
  • Phone Skills
  • Accents (how they help)
  • Strength in numbers (how a wingman can help you)
  • Video evidence of me social engineering (Nothing Illegal)
  • Audio Tapes of me SE over the phone (Nothing Illegal)

I will always be taking suggestions to make this an awesome SE guide, and thanks for the book suggestion @pry0cc. I just purchased it and will start reading through it. I am so glad I found something I can contribute to this awesome community!


#13

Sounds like a solid series covering everything one needs to know to get started :wink:.
Looking forward to it.


#14

Yes, would be awesome!


(Security Architect & Founder) #15

OH DUDE. I am very looking forward to Video Evidence + Audio Tapes. That is going to be absolute gold. If you need some hosting for those files hit me up and we can sort something out (if you don’t use youtube or vimeo).


#16

Alright boss, sounds good! I will let you know, man.


#17

Hey @Bugsy, thanks for the shout out! It’s nice to see someone else taking interest in Social Engineering AND making posts about it.

I must say, I’m quite the opposite. I’m not an extremely introverted person (i.e. social anxiety, etc…), but I wouldn’t strike a conversation with a random Joe on the street.

Like I previously mentioned in my posts, everybody has a somewhat different approach when interacting with a target or gathering information. For example, I, as an introverted individual, would most likely try to gain information on my target by indirect contact, meaning I’d observe him/her from afar, try to understand his habits & behaviours, slowly infiltrating into his life and if I had to directly contact him, I’d probably have some kind of script or a few bullet points to guide me through the conversation.

You however, being an extroverted person, would most likely gather “all” the data you need by simply directly interacting with said target without having to go through all the trouble of passive data gathering (which is not to say it’s not important).

@pry0cc This is a WONDERFUL book. Most of my articles are heavily inspired by it. I believe he has written another book that fits into this subject, however I can’t recall the name…


#18

I think the book is “Unmasking the Social Engineer: The Human Element of Security”


#19

Yup, that’s the one! Here’s the link if anyone’s interested: https://www.amazon.com/Unmasking-Social-Engineer-Element-Security/dp/1118608577


#20

I’ll order this one after I finish my current book. Thanks