pull down to refresh

19 sats \ 1 reply \ @ek OP 30 Mar \ parent \ on: Social Engineering Practice 0x03 security
I think you can get information at the reception desk by posing as a resident. Go in before the shift change or by phone and say that you are a new resident and that you are throwing a party and ask how guests are allowed to enter. Do they need to call in advance or is a list enough? Is visitors allowed as well? Depending on the availability of the person you are talking to, you can mention the 8th floor and how this area is reserved for residents.
I think this approach is way too risky. Asking for all kinds of information about how 'guests' can enter would likely lead to a longer conversation, making it easy for them to eventually realize that I'm not actually a new resident. New residents probably receive all the necessary information in their contract, so that would likely be their first question:
Sir, have you not read the contract?
At that point, you've lost the initiative and are now the one answering questions instead of asking them. You either need to be extremely well-prepared—which comes with opportunity costs—or they'll quickly become suspicious. A social engineer should enter and exit the building without raising any suspicion.
To make this a lot less risky, you could call them with a fake number so they at least haven't seen your face when things went south. But still not effective imo.
Another solution I thought of is to research a unit that is for sale and pose as the agent for the unit. Ask someone else to call in advance, posing as a resident, and say that the agent will go to the unit with potential buyers who want to see the building and the common areas.
Also too risky. You're trying to impersonate people that usually already have established a relationship with them beforehand. But you just showed up, so that's very suspicious. Same with the "new resident" approach: they probably know the faces of their new residents or at least have a list with all of their information including their face at hand.
The problem with all this is the surveillance, in any case they will know that you are there for a short time and that you shouldn't be wandering around.
I think the main problem is that this seems too much like out of Hollywood. This ain't Hollywood, this is real life with real consequences.
Still thanks for the answer though! Gives me a chance to explain how I think about approaching this situation.
write
preview
0 sats \ 0 replies \ @LibertasBR 30 Mar
I thought of different approaches to achieve the goal. When you said it was a real case, I had already sent my response and didn’t want to change it lol.
Well, in this scenario, and considering your update, it’s clear that security is well-prepared in blind spots—they have a great security expert. I still think my approach is valid, though it would need a lot of additional details and refinements, especially if the goal is to gain access only once.
Since you managed to reach the 8th floor via the stairs and the door has a simple lock, wouldn’t a lockpick be viable?
I can only think of approaches that allow you to access the place once, like cloning your friend’s NFC card or even trying to get a duplicate.
An opportunity might be to enter during an event, but that would be a risky move—you’d be burning a chance and might get sent back by the host.
reply