Wednesday, May 18, 2011

Backtrack on the MBP

Waiting for the Genius to replace my kids iPod. Lol




- Posted using BlogPress from my iPhone

Tuesday, May 17, 2011

My new office.




Progress being made

I can assure you the lack of posts is only due to me working on building the new site. Should be up in a few days. Going forward I will publish 3-4 pieces a day.



Monday, May 16, 2011

Hacking the Interview -- Part 1

We have all had that interview where you walk out with that knot in your stomach knowing that it did not go well. This can happen to the best of us regardless of who you are and how good you are at your craft. The problem with an interview is that you have a very short time to sell yourself to the potential employer. What if you could walk into an interview and know as much information about your potential new boss as his spouse? That would definitely change the odds in your favor. Now imagine if you could pick up on his or her social weaknesses within the first few minutes of the conversation?

  
This 4-part series will take a look at attacking the interview with some of the same tactics that hackers use to attack their targets. A huge inspiration for this series has been the work of the great guys over at Social-Engineer.org. As I will not be going into all of the tools and methodologies used, I suggest you take a look at their site and podcast. What I will focus on is the interview and how to apply social engineering to gaining an advantage.


To understand how to apply social engineering properly we must first dive into the “Social” aspect. Wikipedia says social is used in many senses and regarded as a “fuzzy concept”. For the purposes of this piece, let’s refer to Social as the interaction between human beings. Every time you interact with someone there is always a sort of power play involved. In most cases it is not intentional, just who we are as individuals. To gain the upper hand in the interview process, you need to be able to quickly ascertain what type of person you are dealing with. A good reference into gaining the upper hand is a book I have come to refer to as my bible, The 48 Laws of Power by Robert Greene. The 48 Laws of Power has insight into what characteristic traits powerful individuals share and how to develop those traits. It also focuses on identifying weaknesses in individuals which can be exploited to your advantage. I honestly believe this book should be on the reading list of every business course.


I grew up in Information Technology; as such, unfortunately, some of the specific issues I might outline will be geared towards IT guys. However, you can definitely apply this to whatever field you are in. The best IT guys are for the most part introverted and that leads to the issue of self-confidence when trying to sell themselves at the interview. I will attempt to provide you the guidance needed to get over the fear, or at least put it aside. This is not a white paper on human character, so if it seems that I have gone off on a tangent, I can assure you that I haven’t, and throughout this article I will expand only on the two types of character traits that can be identified and exploited during the interview.

  • Introverted
  • Extroverted


I myself was very much introverted and that has actually given me an advantage. I would always be on the outside looking in at what makes extroverted individuals successful. What I found through extensive research on the topic surprised me. It seems that the individuals who are extremely social for the most part are extremely insecure. They seek acceptance from peers and colleagues and will go to any length to get there. This trait can be identified and exploited very quickly. Introverted individuals are not necessarily polar opposites. They too seek acceptance, but are fearful of rejection and it will immediately show.

You can use these weaknesses to your advantage, both in personal life and during the interview process. Try this the next time you are in a social setting. 

Social Engineering can be defined in multiple ways; however, essentially it boils down to using the tools you have to manipulate individuals into doing or revealing something you want them to. It is more complex than that, but I’ll let the human hacker folks dive into the logistics with you. The goal here is to introduce you to the basics and provide you with enough to master the interview.

So let’s dive into the meat, shall we? You got the interview, now what do you do? The e-mail has some vital information on the target:

  • Name
  • Location
  • Time


Most of the people I know will just do a quick Google search and leave it at that. Well, that’s a good start, but why limit yourself to only a single source of information? This is your future that’s on the line and you should use all the tools available to you. The explosion of social networking has multiplied the number of threat vectors that criminals exploit, so why not use them to your advantage?

Part 2 will focus on the specifics of information gathering and how to prepare you for the actual interview. I bet you’re thinking “oh what a jip, huh?” OK, fine. I’ll let you in on the absolute first thing I usually do when I get an interview, even before any of the fun information gathering.

What do I wear?

This used to be easy, right? Suit and tie. Well, that is not the case anymore. The cultures have changed even in the most conservative of environments. You don’t want to show up dressed in a suit if everyone else is in denim. A trick I learned years ago is to call the main number listed for the organization and get the receptionist’s name. Pull the wrong routine and politely hang up.

A few hours later, call back and run the following routine:

“Hey (insert receptionist’s name), it’s guy/gal from (pick a major vendor in the industry). I’m in a bit of a bind, I got a bunch of senior account reps heading over in a few days and they wanted me to see what the dress code is. I’m sure you wouldn’t want a bunch of overdressed sales guys roaming the office.”

This usually works for two reasons. The first is that most people are genuinely good and want to help. The second is that you are appealing to the self-interest of the receptionist. You are putting her in a position of power.

I hope you have enjoyed part 1 of the series. Also keep in mind that one of the components of my consulting business includes training companies on how to protect themselves from social engineering attacks. I’m an equal opportunist, what can I say. I don’t believe in security through obscurity, which is why I believe that information should be public to all.


Tons of stuff going on

First off, apologies for the ads. They will be less prominent on the new WordPress site.

After last week's Blogger fiasco I am in the process of building the WordPress site. Changes are coming.

I will publish part 1 of the article in a little bit. Thank you all for your patience.



Wednesday, May 11, 2011

Now that the site is semi-up I'm working on the 1st article...

The first article should be done today... I know all of you at one point have had to deal with the horrid interview from hell, well... Stay tuned on how to social engineer the interview! Based in part on techniques outlined by the great guys over at http://www.social-engineer.org as well as several other things I have picked up over the years. An interview is nothing more than an interaction between two individuals. The preparatory mindset you put yourself in determines the outcome.

I'll be providing several real world techniques for preparing you to conquer the interview, just as you had conquered that blonde at that bar that one time (in your mind anyway)...

Please be patient with some of the site modifications while I'm going through my developer phase.

Tuesday, May 10, 2011

First Post...

I'd like to thank everyone for all of your help with getting this site set up fairly quickly. This site will focus on bringing you the latest in all aspects of Information Security.

I have a roadmap laid out in my head, so over the next couple of weeks, please forgive any changes that will occur. The ultimate goal will include a live weekly podcast, guest writers and a minimum of 2 exclusive security articles and/or how-to guides a week.

I had hoped to have the site up in time for the first article to be a review of Backtrack5, but unfortunately it did not happen. I will have the review up by this coming weekend. Please check back soon..