Archive for November, 2009
Social Engineering & Neuro-Lingustic Programming (NLP) Profiling
by Josh on Nov.22, 2009, under Uncategorized
As I mentioned in my previous post, I am currently working on some original research dealing with Social Engineering. For background, I have been reading some of the few books on social engineering. One of them, Hacking the Human, by Ian Mann, has been fantastic. One of the areas of research he goes into is some basic principles on using Neuro-Lingustic Programming to profile a target.
Neuro-Lingustic Programming (NLP) was first developed by Richard Bandler and John Grinder, as a form of psychological therapy. They felt there was a ”…theoretical connection between neurological processes (‘neuro’), language (‘linguistic’), and behavioral patterns that have been learned through experience (‘programming’), and that can be organised to achieve specific goals in life.” (Wikipedia)
One aspect of NLP that Mann brought out was the idea of observing eye movements to indicate current thought processes. For example, the idea that as one talks to themselves, their eyes drift bottom-right.
The following is a diagram of the different possible locations:
I found a great video that showcases this.
(Used with Permission)
I found this to be a very interesting concept–So I decided to test it out for myself. I asked the same questions as the above video to a friend, while videoing him answering. Interestingly, I got the same results, though not quite as pronounced as the above video.
To bring this back to Social Engineering: Mann saw this as a powerful tool to add to his repertoire for face to face social engineering attacks–being able to get clues to the current thought process of the target–even being able to tell, with a high percentage of accuracy, if the target is lying! (Mann, Hacking the Human)
Just another exploitable vulnerability in the being that is the called the Human.
-Josh
Josh Brower’s GCIH Gold Project
by Josh on Nov.07, 2009, under Uncategorized
Just wanted to give you a brief update on what I have been working on lately.
I am currently working on my GCIH Gold paper–My abstract was accepted by SANS, and I have been working on it for a little over a month now.
I would rather not share the abstract for now, as it is an area of original research, and I would rather not tip my hand.
But to give you a clue of the general direction, here is a pic of some of my source material for the background research.
Josh
