Recently we had quite an interesting engagement and we have been allowed to share some of the details! Objective: Gain physical entry to a building for the purpose of impromptu network penetration test and wireless testing. Company Arena: Global Offices, Finance, High Security Chances of a consultant wandering around with a laptop for an hour un-noticed: 0 In the… Read more →
Social engineering attacks can normally be quite deceptive and hard to understand, the attack should be a little like magic in the way a victim should be left questioning how you did it after it’s all over. Although as an industry we try our best to relay usable advice to the vulnerable, to prevent the worst kind of magic from happening! –… Read more →
We often talk about the unknown ‘attackers’ out to get us in the context of cyber security, but the majority of these types are not confrontational people – they barely deserve the term attacker. They hide in the shadows with their TOR browsers and anonymity supporting anonymous or whoever the favourite hacking group is that month. If you want to… Read more →
When you look at the past few years our business has really started with an idea and developed into something meaningful. It was designed to make a difference to the security industry and post-startup we have began to see the fruits of our labour. At the start of this year we formalised our business aim: The AntiSocial Engineer Limited wants… Read more →
There have been rumours of a potential data breach over at The AA UK, through a series of statements and replies observed on social media it was quiet worrying to build a jigsaw picture that displayed these such issues. As the week unfolded more and more seemingly connected events were observed. We first saw this publicly on a Twitter post… Read more →
At the end of last week, news organisations started reporting of a ‘sustained and determined attack’ against the mailboxes of the 650 members of parliament and staff. In the initial release of information it is quite clear the login portal was the target of an automated attempt to log-in and subsequently the log-in portal has been taken offline. Somewhere in the… Read more →
We attended the Gibraltar Cyber Security Summit this week. It’s an initiative to bring together policing departments, local authority and cyber crime related experts. Speakers from the AFP, FBI, NCA, GCHQ and others took to the stage to transfer essential knowledge to an audience of Gibraltar’s business delegates. The line-up of speakers includes some of the industries celebrities such… Read more →
On Wednesday the 3rd May 2017 a Phishing campaign propagated across the internet affecting Google users. It was like nothing we’ve seen in recent years. Now the issue has been resolved and the risk mitigated it’s time for some reflection. I’m sure you will be aware of how the Google Docs phishing campaign spread, users were tricked by authorising a… Read more →
When we look at online social media, it has been adopted in one flavour or another by nearly all of us. The way we project our persona online has slowly replaced the media of yesteryear. Expression is nothing new; throughout history, people have displayed their wealth, status, literary prowess and wit in the hope of being desired, feared, pondered and… Read more →
So it turns out us humans aren’t the only ones with a few flaws when it comes to an inbound phishing email! Often uttered from the crowds at every infosec event is the dreaded cliché statement, “Well, humans are the weakest links in security” but not today, stand proud as we take the time to shame our binary companions. In testing and teaching… Read more →
It’s always DNS. If something has broken online the first step is normally checking what the DNS is doing. Similar when we try to discover all we can about an organisation in the recon stages of any assessment it’s also DNS that makes a re-appearance first on the list. ‘Hackers’ or in our case – ethical social engineering consultants, will… Read more →
Last week you might have heard in the press about a phone scam that’s is supposedly sweeping the nation. The dreaded, super sneaky ‘Can you hear me’ scam. Fraudsters will ring you and ask the question “Can you hear me?”. When a victim replies “Yes” the audio is recorded and used to entrap you in a legal contract. Now even… Read more →
Recently I stumbled across a publication from HMRC, it stated the forms of communications they would use to contact the tax paying public. Example messages were displayed in an attempt to ‘whitelist’ communications. Basically, if you receive correspondence that looks like the examples listed, it could be from them. Some excerpts from the article found here read: Text messages HMRC is… Read more →
This is a copy of a guest blog authored for Ascertus Ltd, feel free to read the post over here. Whilst content in our 9 – 5 employment, slightly resentful that our personal activities aren’t getting the attention they deserve, it’s easy to forget about the true value of things around us – especially their inherent value to other walks… Read more →
Over 100 Billion SMS messages are sent per year in the U.K., whilst this figure continues to fall due to mobile device users opting to use alternative communication mediums such as WhatsApp, Facebook Messenger and Signal – we are still a nation dependant on this older form of messaging. If you think it’s going to disappear anytime soon you should… Read more →
It’s been 2 years to the day since The AntiSocial Engineer Limited was founded; The seasonal timing and also the fact we seem to be doing enough right to pay the bills have made us sit down and question where we take it from here. It sure has been educational and part of our future plans came from a reflection on… Read more →
As an English speaker, I mainly stick to Latin characters and some symbols that cover my day to day needs. I demand payment in £, I add a few &@! to my passwords and I am known to include the odd mathematical UTF-8 character when expressing my <3 of something. But the latin language has many more variants, IDN character… Read more →
In recent Apple iMessage updates, the way links are handled within an SMS message have changed significantly and this adaptation poses quite a concern for us. Early 2016 we were the first company in the UK to offer SMShing services, these SMS messages are like phishing emails and contain a pretext alongside a link within the message. When a mark… Read more →
For nearly a year we have had a tale we’ve told to friends and business associates. The tale involves TalkTalk and how one day we found the data breach, alerted them and sparked the controversy that we all know to this day as ‘The TalkTalk Breach of 2015’. It’s been a funny year, with one NDA or another we’ve sometimes even… Read more →
To a modern business, a data breach can have devastating effects. We have seen TalkTalk hastily bungle, Sage coyly dawdle and much more generally mess it up, it’s got to change. We don’t spend all day hunting these elusive beasts either, but we have had our involvement in both mentioned breaches and feel we could offer some public insight to the very elusive modern mishap.… Read more →
Personal details and bank account information for employees of as many as 300 large UK companies may have been compromised as part of a data breach at Sage, a UK accountancy software group. August 11th, 2016 Sage UK Payroll services started notifying customers of a data breach effecting their staff payroll systems. A rather generic statement was believed to be provided… Read more →
August 2nd, 2016 I find myself in a high street bank. I’d just done a 3km run, which is like a marathon to a big bloke. I enter the doors and find a queue akin to the bread lines of post depression 1930’s America. I decide to sit it out on the sofa in the corner, whilst waiting I use… Read more →
The term insider threat is brandished around quite a lot these days, companies often talk about the weakest link in security being people. I guess they are almost right in what they say, but I can still dream about the world in which people can actually be one of our biggest strengths. The typical company sees the classic insider threat… Read more →
Original article by IT Governance: here So a while back I was interviewed by Lewis Morgan from the IT Governance Blog and thought i’d share this on the site. It is a little tongue in cheek reading it back actually! But genuine none the less. First, let’s quickly cover the basics: what is social engineering? Well, a good question straight… Read more →
