Ready to Start Your Career?

Psychological Reconnaissance

CyberRat 's profile image

By: CyberRat

March 2, 2016

Psychological  Reconnaissance - CybraryAs most of you know, social engineering can be exceptionally powerful. In all cases, a social engineering assault is only as good as the engineer. Every fruitful hack - technical or socially engineered - must have been supported by reconnaissance. This kind of reconnaissance we're discussing here isn't recon of a machine, but of the victim. Recon for social engineering is possible by thorough watching the user's activity - seeing what sites they visit, and if they exhibit certain kinds of behavior. Doing ReconnaissanceFor recon, we basically need to watch the user and search for signs of certain personality traits. For instance, if we're viewing a victim's web activity through a MitM, we can gain a better understanding of the way that user thinks. Evaluating BehaviorBy understanding the user's behavior, we can build a better attack. For instance, if a user shows erratic conduct, we'll have to build something more eye catching to attract their attention. The best thing to look for while assessing behavior is patterns. In the event that you manage to identify enough patterns, you can get a good idea of a person's traits. Abusing VulnerabilitiesPeople are vulnerable, much like the Systems ,Computers and Servers they use. If you can identify a person's traits, you can build an attack optimized for them. By doing careful observation and assessing the victim's conduct, you can discover vulnerabilities in the individual. In summary, social engineering can be taken to the next level with the addition of some simple psychology. Learning more types of behaviors will increase your arsenal of exploits.This is simply a prologue to a much bigger subject; there are many different behavior types that have an array of ways to exploit them.Thanks
Schedule Demo