28C3 - Version 2.3.5

28th Chaos Communication Congress
Behind Enemy Lines

Day Day 4 - 2011-12-30
Room Saal 1
Start time 14:00
Duration 01:00
ID 4856
Event type Lecture
Track Hacking
Language used for presentation English

The engineering part of social engineering

Why just lying your way in won't get you anywhere

All the talks i saw about SE so far just showed which good SE's the speakers are. I try to do another approach, what if i get in and don't know what to do then. The talk is about the reconn. before the assessment, the different approaches of SE. Which techniques can one use, how to do a proper intel. and what is useful. How things work and more important why. Which skill set should one have before entering a engagement. And last but not least how do one counter a SE attack.


Needed Skillset:

-physical (ie.NLP)

-logical Customer Preparation:

-theoretical models of attack

-check customer needs by his business


Preparation & Reconnaissance:

-threat modeling



Project Planing:


-the target


-fetching data/reaching the target


-backup plans


Find & fetch the data:

Exfiltrate the data:

Writing report:

Business impact analyses:

customer meeting: