Home

Published

- 2 min read

Howto: Social Engineering - Part 1 - Introduction

redteam social engineering
img of Howto: Social Engineering - Part 1 - Introduction

Exploring the Depths of Social Engineering

Social Engineering has evolved significantly, integrating both psychological insights and practical techniques to influence and manipulate. This series aims to unfold the intricate layers of Social Engineering, from its theoretical underpinnings to real-world applications.

A Journey Through Psychology and Manipulation

The journey into Social Engineering is not just about the hacks; it’s about understanding the human psyche. Over the past three years, my exploration has spanned various dimensions:

  • Psychology: The bedrock of Social Engineering, providing insights into human behavior and decision-making processes.
  • Negative Manipulation Tactics: Techniques used by intelligence services, focusing on operational psychology and disintegration.
  • Interrogation and Negotiation Techniques: From the REID technique to Chris Voss’ strategies, understanding the art of conversation is key.
  • Modern Application: How Social Engineering is applied in today’s digital and physical worlds.
  • Provocation: The manipulation of groups and environments to achieve a desired outcome.
  • Intelligence & Security Studies: A broad look into the tactics used for information gathering and analysis.
  • The Crime Aspect of Cybercrime: Understanding the motivations and methodologies behind cybercriminal activities.

Key Techniques in Modern Social Engineering

Social Engineering today relies on a few, yet profoundly effective techniques:

  1. Shock / Surprise: Creating urgency to bypass rational thinking. Commonly seen in phishing and scams.
  2. Exchanging Context: Manipulating information to extract what’s needed. For example, pretending a car is blocking yours to learn its make and license plate.

General Disclaimer on Social Engineering

With all our articles about Psychological Manipulation we aim to help victims of such tactics. These days, Bad Actors use these techniques and tactics, outside of a legal context like Redteaming or Pentesting, for their own purposes. Thereby attackers are often crossing ethical borders, for reasons like Fraud, Blackmailing or just to put people under pressure, leaving their victims without resolution.

We provide detailed analysis of these techniques in hopes to create awareness, to help people understand what maybe has happened to them and to protect them against Social Engineering attacks.