Scripting Social Engineering Attacks - Dave Comstock

Script all the things! Streamline phishing, vishing, and gaining physical access to restricted areas by using modular social engineering scripts and pretexts. Gaining physical or virtual footholds is a crucial first step in a successful exploit chain. People are often times the weak-spot in company security so it only makes sense to start our attempts there. We'll focus on building up a playbook of various different characters, outfits, tools, and pretexts to use while exploiting self-interest, standard operating procedures, common corporate policy, social norms/taboos, and cognitive biases for maximum effect. Characters can range from posing as support roles such as IT, HVAC, plumbing, electrical, and other contractors to a newly hired employee, corporate auditor, market researcher, vendor rep, or job recruiter depending on pretext and what your goals are.