Social Engineering

Password profilers such as Common User Passwords Profiler (CUPP) and Who’s Your Daddy (WYD) can help a social engineer profile the potential passwords a company or person may use.

A researcher named John Matherly created a search engine he called Shodan fwww.shodanhg.com).

Once Dradis is installed and set up, you simply browse to the localhost and port you assigned, or use the standard 3004. You can do this by opening a browser and typing https://localhost:3004/.

The information I include is items from the client’s website, Whois information, social media sites, images, employee contact info, resumes found, forums, hobbies, and anything else I find linked to the company.

Two BackTrack tools that are particularly useful for information gathering and storing are called Dradis and BasKet.

For penetration tests and social engineering audits I use a Linux distribution called BackTrackthat is specifically designed for this purpose.

I told her that most people use simplistic passwords that combine things like their spouse’s name, his or her birthday or anniversary date.

social engineering is not just believing you are playing a part, but for that moment you are that person, you are that role, it is what your life is.”

Combining those two definitions you can easily see that social engineering is the art or better yet, science, of skillfully maneuvering human beings to take action in some aspect of their lives.

important to remember that self-confidence is always relative to the task and situation.