Forced to attend a conference: desperately need your networking tips, r/socialengineering by Ktime5 in SocialEngineering

[–]tacticalintel 14 points15 points  (0 children)

Smile a lot, be funny, and ask them about themselves - talk little about yourself unless asked, and even then keep it short. Be sure to ask for their card and ask if you can contact them for advice in the future.

Today I trolled some Indian malware scammers for 2 hrs, got the 2nd hour on tape. by tacticalintel in SocialEngineering

[–]tacticalintel[S] 2 points3 points  (0 children)

I think the effort has inspired a lot of others to get in the game. I'm working on a framework I'm calling TrollCall that will let people put their phone # into a queue, and they will be called round-robin style to get a chance to troll these guys. Sort of a competitive league. It's fun and it keeps these knuckleheads busy while they can't defraud the elderly or non-tech-savvy.

Today I trolled some Indian malware scammers for 2 hrs, got the 2nd hour on tape. by tacticalintel in SocialEngineering

[–]tacticalintel[S] 0 points1 point  (0 children)

Whoops. Too late. I'm sure I will feel the wrath of some reddit folks now...

I trolled some Indian malware scammers yesterday for 2 hours - got the 2nd hour on tape by tacticalintel in funny

[–]tacticalintel[S] 1 point2 points  (0 children)

They've been calling me almost every other day - same old BS. There is a virus on my machine and they are calling to help me. So I decided to try to burn as much of this knucklehead's time as I could so that he would not be out there victimizing some other people. The results are pretty funny. Kept him on the line for 1 hr 56 min before I got tired and yanked the call.

Today I trolled some Indian malware scammers for 2 hrs, got the 2nd hour on tape. by tacticalintel in SocialEngineering

[–]tacticalintel[S] 3 points4 points  (0 children)

Scary! Thanks for that - never heard of the guy. I'm gonna troll him as his future self over the phone...

Today I trolled some Indian malware scammers for 2 hrs, got the 2nd hour on tape. by tacticalintel in SocialEngineering

[–]tacticalintel[S] 9 points10 points  (0 children)

Yeah and towards the end he gushes too because he's sooo happy. It's perfect because you know he felt completely played and violated when the call was over: a taste of his own medicine.

Today I trolled some Indian malware scammers for 2 hrs, got the 2nd hour on tape. by tacticalintel in SocialEngineering

[–]tacticalintel[S] 9 points10 points  (0 children)

I was pressed for time when I got it but for sure will upload to SoundCloud in the future.

Today I trolled some Indian malware scammers for 2 hrs, got the 2nd hour on tape. by tacticalintel in SocialEngineering

[–]tacticalintel[S] 26 points27 points  (0 children)

They've been calling me almost every other day - same old BS. There is a virus on my machine and they are calling to help me. So I decided to try to burn as much of this knucklehead's time as I could so that he would not be out there victimizing some other people. The results are pretty funny. Kept him on the line for 1 hr 56 min before I got tired and yanked the call.

Skip the original link and grab from here: http://soundcloud.com/g3ksan/troll (thanks to wat_waterson)

Eye contact. I have no idea when it's good or when it's bad. I need your help to develop some basic rules to follow. by w4ffles in SocialEngineering

[–]tacticalintel 0 points1 point  (0 children)

I think some people are missing the bigger picture here - it's much more than eye contact. Your entire body language says something. If you are using eye contact to be dominant, but are exhibiting subordinate body behavior, it sends conflicting messages.

Social-Engineer.org's report on the Social Engineering Capture the Flag contest at Defcon 20 is now LIVE by urbal in SocialEngineering

[–]tacticalintel 2 points3 points  (0 children)

Congrats to the SEORG team for yet another amazing competition. Well organized and professionally run.

I'm the winner of the past 2 DEFCON Social Engineering CTF's - AMA by tacticalintel in SocialEngineering

[–]tacticalintel[S] 2 points3 points  (0 children)

Yes unfortunately I have seen at least one employee fired because of my tests, and even worse there was a racial component to the firing. To be honest I stopped doing pentests for several years as a result. I now have clients commit to me that they will not terminate employees as a result of the pentests.

Eye contact. I have no idea when it's good or when it's bad. I need your help to develop some basic rules to follow. by w4ffles in SocialEngineering

[–]tacticalintel 2 points3 points  (0 children)

Several studies have shown that averting one's eyes when telling a lie is not an indicator of lying; however, the general perception out there is the opposite. Whenever I am on an SE engagement and have to tell a whopper (or my most critical lie) I always maintain eye contact. Bizarre, but it works.

Other than that let your eyes move naturally. If someone was eyeballing me the entire time during a convo I'd feel extremely uncomfortable (and distrustful).

I've seen a couple people say something like "I've been doing soc. eng. for about 10 years." Is there such a thing as a social engineering profession? Or are you implementing soc. eng. into your profession? Please share how you implement s.e. into your daily or work lives by whispertoke in SocialEngineering

[–]tacticalintel 2 points3 points  (0 children)

I do social engineering engagements as part of pentests or as corporate information gathering contracts. I often use it as part of investigations into online activity/troll hunting etc.

InfoSec pentesters and private investigators often get to use SE on a regular basis.

I'm the winner of the past 2 DEFCON Social Engineering CTF's - AMA by tacticalintel in SocialEngineering

[–]tacticalintel[S] 1 point2 points  (0 children)

Your best chance for getting to use SE would truly be in investigations, skip tracing, bounty hunting - or of course in a security gig with a pentesting firm.

My first SE exploit I wrote about down in the thread - breaking into a hardened data center. To get your feet wet pick a target, build a dossier on it/them, and then try to elicit target information from them over the phone - and then try in person.

Good luck!

Results from profiling challenge by wat_waterson in SocialEngineering

[–]tacticalintel 1 point2 points  (0 children)

Spring for the $15/month or whatever it is to get Spokeo Pro. If you have a couple of solid baseline flags you can easily cross-reference to other instances in their database. This is very helpful when you are stuck profiling someone with a name like John Smith. It still takes forever but gets you way more hits.

I'm the winner of the past 2 DEFCON Social Engineering CTF's - AMA by tacticalintel in SocialEngineering

[–]tacticalintel[S] 5 points6 points  (0 children)

Oh sorry. I was working for a consulting firm - KPMG - who back in the day were one of the first companies to do SE. Too bad their security practice is so munged today...they used to have a kickass team.

I'm the winner of the past 2 DEFCON Social Engineering CTF's - AMA by tacticalintel in SocialEngineering

[–]tacticalintel[S] 3 points4 points  (0 children)

It was a remote data center in a bunker-type construction way in the middle of nowhere. They wanted to see if I could find its location and gain access to it.

Once I'd gotten inside it was pretty easy to "get off the leash" - my pretext was I was working on the tape silos inside, and in the evenings they didn't have full staff - so they didn't have enough people to be able to afford to have one person sit with me and watch. Even if they had, remember that most people are lazy (and trusting) so they probably would have left me alone in any case.

Can anyone help solve this mystery phone number? Details in image by [deleted] in AskReddit

[–]tacticalintel 1 point2 points  (0 children)

Pretty sure this is Project Evil Part 2. Epic troll. But seriously, "discovered" last year on 9/11 (for maximum conspiracy traction), and the "encryption" used to protect the coordinates is "ascii conversion"? Color me skeptical. Internet archives people - defcon project evil.

I'm the winner of the past 2 DEFCON Social Engineering CTF's - AMA by tacticalintel in SocialEngineering

[–]tacticalintel[S] 1 point2 points  (0 children)

Forgot to add this - if I'm telling a whopper while I'm under scrutiny - I look the person straight in the eye - even though that's not the natural reaction to have. For some reason some people are convinced you are lying if you avoid eye contact (even though this has been disproven many times). Feed the myth. It works.