Recently we had quite an interesting engagement and we have been allowed to share some of the details! Objective: Gain physical entry to a building for the purpose of impromptu network penetration test and wireless testing. Company Arena: Global Offices, Finance, High Security Chances of a consultant wandering around with a laptop for an hour un-noticed: 0 In the… Read more →
Social engineering attacks can normally be quite deceptive and hard to understand, the attack should be a little like magic in the way a victim should be left questioning how you did it after it’s all over. Although as an industry we try our best to relay usable advice to the vulnerable, to prevent the worst kind of magic from happening! –… Read more →
We often talk about the unknown ‘attackers’ out to get us in the context of cyber security, but the majority of these types are not confrontational people – they barely deserve the term attacker. They hide in the shadows with their TOR browsers and anonymity supporting anonymous or whoever the favourite hacking group is that month. If you want to… Read more →
We attended the Gibraltar Cyber Security Summit this week. It’s an initiative to bring together policing departments, local authority and cyber crime related experts. Speakers from the AFP, FBI, NCA, GCHQ and others took to the stage to transfer essential knowledge to an audience of Gibraltar’s business delegates. The line-up of speakers includes some of the industries celebrities such… Read more →
So it turns out us humans aren’t the only ones with a few flaws when it comes to an inbound phishing email! Often uttered from the crowds at every infosec event is the dreaded cliché statement, “Well, humans are the weakest links in security” but not today, stand proud as we take the time to shame our binary companions. In testing and teaching… Read more →
It’s always DNS. If something has broken online the first step is normally checking what the DNS is doing. Similar when we try to discover all we can about an organisation in the recon stages of any assessment it’s also DNS that makes a re-appearance first on the list. ‘Hackers’ or in our case – ethical social engineering consultants, will… Read more →
Last week you might have heard in the press about a phone scam that’s is supposedly sweeping the nation. The dreaded, super sneaky ‘Can you hear me’ scam. Fraudsters will ring you and ask the question “Can you hear me?”. When a victim replies “Yes” the audio is recorded and used to entrap you in a legal contract. Now even… Read more →
Recently I stumbled across a publication from HMRC, it stated the forms of communications they would use to contact the tax paying public. Example messages were displayed in an attempt to ‘whitelist’ communications. Basically, if you receive correspondence that looks like the examples listed, it could be from them. Some excerpts from the article found here read: Text messages HMRC is… Read more →
This is a copy of a guest blog authored for Ascertus Ltd, feel free to read the post over here. Whilst content in our 9 – 5 employment, slightly resentful that our personal activities aren’t getting the attention they deserve, it’s easy to forget about the true value of things around us – especially their inherent value to other walks… Read more →
Over 100 Billion SMS messages are sent per year in the U.K., whilst this figure continues to fall due to mobile device users opting to use alternative communication mediums such as WhatsApp, Facebook Messenger and Signal – we are still a nation dependant on this older form of messaging. If you think it’s going to disappear anytime soon you should… Read more →
As an English speaker, I mainly stick to Latin characters and some symbols that cover my day to day needs. I demand payment in £, I add a few &@! to my passwords and I am known to include the odd mathematical UTF-8 character when expressing my <3 of something. But the latin language has many more variants, IDN character… Read more →
In recent Apple iMessage updates, the way links are handled within an SMS message have changed significantly and this adaptation poses quite a concern for us. Early 2016 we were the first company in the UK to offer SMShing services, these SMS messages are like phishing emails and contain a pretext alongside a link within the message. When a mark… Read more →
Original article by IT Governance: here So a while back I was interviewed by Lewis Morgan from the IT Governance Blog and thought i’d share this on the site. It is a little tongue in cheek reading it back actually! But genuine none the less. First, let’s quickly cover the basics: what is social engineering? Well, a good question straight… Read more →
In this post, I wish to cover ‘Sim Swap Fraud’ and some of the ways we can prevent it. I’m not a natural writer, I only do these blogs in hope people will listen up and improve security. So feel free to read the Vice Post inspired by this research instead. What is Sim Swap Fraud In fact, let’s first… Read more →
I grew up in Yorkshire and of all the likeable local traits there is, there is one I despise. The gruff, basterdised local accent. Londoners mistakenly view you as a farmer and there is no risk of hearing the tones of how we speak on the ten o’clock news. I was 12 when I learnt that ‘nowt‘ was not a… Read more →
When considering the security threats your organisation will encounter you would be forgiven if the humble bin slipped your mind. Every instance of this invisible cyber, hacking, scare story we receive on the media these days is referring to ‘complex and sustained attacks’. The innocent rubbish receptacles definitely don’t seem complex… But there is a wealth of knowledge hidden amongst… Read more →
This month I have been looking at the way in which a small minority of TalkTalk customers are suffering from the rise in social engineering attacks. It seems post CPW/TalkTalk breach real evidence of further frauds is apparent. Victims can be seen. Already in full focus of the media is the trail of destruction left by the recent 2 breaches… Read more →
An interesting article by SC Magazine regarding a study that suggests brainwaves could be used to assess if an applicant will be a security hazard. At The AntiSocial Engineer we believe staff are never beyond help, we work together to improve our weakest link and we grow stronger. Thanks to Doug at SC Mag for toning down our opinion condemning… Read more →
