Journals

CodeBreakers Journal
Assembly Programming Journal

Journal Issues

Vol.5, No.1, 2008
Vol.4, No.2, 2007
Vol.4, No.1, 2007
Vol.3, No.2, 2006
RECON2006 Conf. Proc.
Vol.3, No.1, 2006
RECON2005 Conf. Proc.
Vol.2, No.1, 2005
Vol.1, No.2, 2004
Vol.1, No.1, 2004

Statistics

Members: 1925
News: 293
Web Links: 1
Visitors: 3821606

Who's Online

We have 1 guest online
Damn Vulnerable LinuxDamn Vulnerable Linux (DVL) is a Linux-based (modified Damn Small Linux) tool for IT-Security & IT-Anti- Security and Attack & Defense. [CLICK HERE FOR MORE INFOS! ]

Featured Conference Video

T16-Recon2006-Joe_Stewart-OllyBonE.gif OllyBone - Semi-Automatic Unpacking on IA-32. View the conference video here!
Home arrow About/Disclaimer
Social Engineering for Penetration Testers
User Rating: / 0
PoorBest 
Written by Sharon Conheady   
Side Story
CUTLASS - Encrypted Communications for Everyone

Users on the internet are doing more and more of their daily work over peer-to-peer applications. Existing protocols such as SMTP and IRC are being replaced by peer-to-peer file transfer, voice chat, and text messaging systems. Unfortunately, the popular protocols are not secure, and the secure protocols are not popular.

In this talk, we will talk about the security properties of the existing peer-to-peer systems, as well as describing an open-source system in development, CUTLASS. CUTLASS aims to fill the niche for tools powerful and usable enough to be broadly popular, while still providing strong encryption and authentication, all in a BSD-licensed package. It supports encrypted voice, chat, and file transfer.

We will be demoing CUTLASS, comparing it to other systems in existence, and talking about future plans for the software.

Read More >>



In recent years, people have become more familiar with the term "social engineering", the use of deception or impersonation to gain unauthorised access to resources from computer networks to buildings. Does this mean that there are fewer successful social engineering attacks? Probably not.

In fact, because computer security is becoming more sophisticated and more difficult to break (although this is still very possible) more and more people are resorting to social engineering techniques as a means of gaining access to an organisations' resources. Logical security is at a much greater risk of being compromised if physical security is weak and security awareness is low. Performing a social engineering test on an organisation gives a good indication of the effectiveness of current physical security controls and the staff's level of security awareness. But once you have decided to perform a social engineering test, where do you start? How do you actually conduct a social engineering test?

There are many different types of social engineer attacks, from mumble attacks (pretending to be speech impaired on the telephone) to ten attacks (using an attractive person to distract security) to reverse engineering (helping the target individual with a technical problem and then proceeding to elicit information from them). In my career, I mostly use social engineering for intrusion, gaining access to an organisations building. Therefore, although I will describe a selection of attacks, my talk will focus on gaining entry to buildings. However, gaining entry to buildings more often than not involves identifying and communicating with a target individual or individuals by telephone / email / fax / etc., so I will touch briefly on these areas also.

Download: http://www.secure-software-engineering.com/downloads/recon2006/recon2006_Conheady_Social_Engineering_for_Penetration_Testers.pdf