Christopher Hadnagy

Combining those two definitions you can easily see that social engineering is the art or better yet, science, of skillfully maneuvering human beings to take action in some aspect of their lives.

social engineering is not just believing you are playing a part, but for that moment you are that person, you are that role, it is what your life is.”

I told her that most people use simplistic passwords that combine things like their spouse’s name, his or her birthday or anniversary date.

For penetration tests and social engineering audits I use a Linux distribution called BackTrackthat is specifically designed for this purpose.

Two BackTrack tools that are particularly useful for information gathering and storing are called Dradis and BasKet.

The information I include is items from the client’s website, Whois information, social media sites, images, employee contact info, resumes found, forums, hobbies, and anything else I find linked to the company.

Once Dradis is installed and set up, you simply browse to the localhost and port you assigned, or use the standard 3004. You can do this by opening a browser and typing https://localhost:3004/.

A researcher named John Matherly created a search engine he called Shodan fwww.shodanhg.com).

Password profilers such as Common User Passwords Profiler (CUPP) and Who’s Your Daddy (WYD) can help a social engineer profile the potential passwords a company or person may use.