My talk at BSides Philly on December 3 is called “Hacking the Human: Social Engineering Basics,” and it’s about providing a social engineering foundation for people to adapt to their individual situation and needs. “Teach a man to fish” and all that, you know?
Over the course of the talk I reference many thinkers, philosophers, psychologists, and even spiritual leaders who have noticed similar patterns or rehashed similar points throughout history.
It starts with the simple proposition that our world is not a meritocracy; it’s not based on fact, merit, or objective reality. Worse yet, truth can even frighten, anger, or disenchant people.
As a result, one of the most successful methods to use is abusing self-interest. This idea has been repeated by the likes of Blaise Pascal and Robert Green of “48 Laws of Power” fame. We also have an internal narrative, or “inner story,” that we tell ourselves to make the cruel/impersonal nature of the universe easier to deal with. Learning this “inner story” is immensely powerful.
Next, we have “wearing masks,” AKA creating a new “face” to disassociate yourself from a situation. It’s a bit like spinning up a new virtual machine of yourself. This has some nuances and dangers to it but with the basics in place, we can move on to the ancient art of storytelling as explained by Kindra Hall and Dan Harmon. I’ve found Dan’s circular model to explain not only good story-telling but also most communication ranging from presentations and conference talks to sales pitches.
After being able to tell effective stories, we look to Stanislavsky’s “method acting” for advice on blending in and OSINT techniques. This happens through meticulous people watching and practicing in “downtime” where we can fail with fewer consequences. Continuing the theme of OSINT, we then look to perception and peripheral vision skills/training and abusing the information age with sites, such as Glassdoor, Spokeo and Data.com.
With all of that groundwork in place, the next step is being able to gain trust. This is achieved with Dr. Arthur Aron’s method of using mutual vulnerability to foster closeness.
Finally, we come to examine the inherent nature of change and coherence in our world along with various ways to abuse our natural processes for learning/decision making through USAF Colonel John “40 second” Boyd’s OODA loop.
This talk is a slightly trimmed version of my blog series on the topic, which can be found here.
About the Author: Dave Comstock is a Sys/Net admin, infosec noob/junkie, lock sports enthusiast, and social engineering for funsies. Tech junkie since the days of ribbon cables, anti-static wrist guards, and running games like Tetris and Qbert from the DOS prompt. Social Engineer since before I knew the proper term with my favorite pastime being playing “games” with people to see what I could do or get away with.
Editor’s Note: The opinions expressed in this guest author article are solely those of the contributor, and do not necessarily reflect those of Tripwire, Inc.