BSidesNcl 2021 Old Still Cool Daniel Isler Krarup

Obtaining access and sensitive information from critical areas in three cases of merging classic Social Engineering formats under the concepts Physical Spear Phishing and Vishing Web Scam. The physical-digital tools and techniques used for the realization of the objectives will be explained. Controls and filters advance according to market demands and it is becoming increasingly difficult to perform generic phishing simulations with a considerable scope, without these being rejected by security systems, reaching the spam mailbox or alerting security filters and preventing the integrated display of malicious mail. How to bypass an antivirus in a service under a black box format? How to bypass firewalls so that systems can be accessed without being stopped? Is it necessary to go unnoticed? This paper presents 3 cases of mergers of classic Social Engineering formats united under concepts that we call Physical Spear Phishing and Vishing Web Scam. The physical-digital tools and techniques used for the realization of objectives will be explained.