
Old Still Cool

BSides Delhi · 2020 · 43:43 · 78 views · Published 2020-11
Tags: Team: Red · Style: Talk
About this talk
Obtaining access and sensitive information from critical areas in three cases of merging classic Social Engineering formats under the concepts Physical Spear Phishing and Vishing Web Scam. The physical-digital tools and techniques used for the realization of the objectives will be explained.

Controls and filters advance according to market demands and it is becoming increasingly difficult to perform generic phishing simulations with a considerable scope, without these being rejected by security systems, reaching the spam mailbox or alerting security filters and preventing the integrated display of malicious mail. How to bypass an antivirus in a service under a #blackbox format? How to bypass firewalls so that systems can be accessed without being stopped? Is it necessary to go unnoticed?

As a unit we have specialized in the last five years in the development of pretexting, persuasion techniques and extremely particular and effective simulation scenarios. This paper presents 3 cases of mergers of classic #SocialEngineering formats united under concepts that we call Physical #SpearPhishing and #Vishing Web Scam. The physical-digital tools and techniques used for the realization of objectives will be explained.

One of the first difficulties we have in SE services is the short time we have in relation to an organized criminal band. They manage to carry out effective attacks after periods of six to twelve months of research and testing. We only have 5 to 10 days for the entire project: Information gathering, execution and reporting. So, trying to replicate the real-time flow of an attack's entirety is unworkable and trying to emulate it in such a narrow time only yields results that are not close to reality, thus generating false security in the collaborators involved in the simulation. For this we were obliged to look for processes and techniques that would place us in a realistic scenario of high reach.
Daniel Isler

Daniel is a Security Consultant, an Actor and a Scenic Communicator with a bachelor's in Arts of Representation. He has more than 10 years of experience as an academic teaching Acting classes at several universities. Since 2015, Daniel has led Fr1endly RATs, the Social Engineering unit at Dreamlab Technologies Chile. He specializes in and develops techniques and methodologies for simulations of Phishing attacks, Vishing, Pretexting, Physical Intrusions and #RedTeam.

Certifications / Competencies:
Advanced Practical Social Engineering, Orlando, FL, USA.
Physical Red Team Operations, Saint Paul, MN, USA.
OSINT Crash Course, The OSINTion, USA.
Usable Security, University of Maryland, USA.
Improvisation Summer School, Keith Johnstone Workshop Inc., Calgary, Canada.