I'd probably use Deviant's classic elevator example. Grab a metal clipboard, show up pretending to be an elevator repair tech, act bored, turn off elevator, and use it as your own personal base of operations.
Easy, I would knock on a wall then hide in a box. After he says "what was that noise" and "just a box" I will follow behind him and sneak in before he gets back to his default position.
Presuming I've dressed the part of a professional with my Saunders aluminum sheet holder, I may walk up to the security guard and ask him "on a scale of 1-10 what he would rate his situational awareness at?" Maybe another question or two for good measure. I would then write his answers down on a pre-fabricated security auditing worksheet complete with a dummy security auditing company logo and website URL which goes to a dummy website I made. I would then casually walk away and jiggle some locks checking some boxes on my worksheet. Presuming he takes the bait and asks what I'm doing, I'd let him know I'm conducting an audit of the penetration test presently under way, hand him the card, and invite him to check us out online. I'd pull out my CH751 or whatever to unlock a little wafer lock I was sure it would work with and then lock it back right in front of him, I'd shake my head right and left, while noting that the lock was easily defeated on the work sheet. "heh, You guys haven't even re-keyed the locks, you really went that extra mile on security didn't you?" Meh, I dunno, probably too elaborate. I'd have to think about it a little while longer but if you hide in plain sight, and give them believable props you can suspend their disbelief, and they don't blink twice about what you're doing. I used to get into parties for free that way through service entrances as a photographer in a similar manner because I had some business cards, a lanyard, and a decent digital SLR. I had to explain my presence a couple times but usually was just left to roam afterwards. It was fun :)
I immediately sized both circles up in my head, understood the patttens are an illusion and surmised they were both of equal diameter. Ngl low key proud of myself. But I fully understand your point.
A fake badge and confidence that I'm where I'm supposed to be. Also probably dress for the occasion like a maintenance helmet and/or some brown janitors clothes, copying somebody low on the chain. Saying you're new and/or being kind goes a long way so I'd probably use that.
@@trumanhw true, it won't fool the janitor, but they aren't the target. There are very few people to actually make friends with the janitors, maintenance, etc. Depending on the objective, you can literally just pay an employee to plug in a USB stick without infiltrating yourself, however, the confidence is key when undercover.
Sure, I'll do your job for you. ;-) The security guard (almost invariably UTTERLY INCOMPETENT people, so if you're not avoiding them but deliberately engaging and duping them -- knowing only their name I'd use a rouse as though either I were replacing them because they'd been fired or were needed in another location (acting like I just got off the phone) with someone, and have a duffle bag with me which allegedly has my uniform in it. Receptionist depends on the size of the company: but with the make and model of her car you can say "does anyone up here have a _________ ..? It was (either hit or being towed) tell her you dn't mind waiting until she's back for your appointment to be processed. LNE: Pretend like your key isn't working, you're on the phone with someone important and apologize profusely for making him come down in the middle of the night (in ear shot) such that you guilt him in to the desire to be helpful. (next time I'm going to charge you for this).
I was just being nice. My therapist told me to try it more often. But that is a terrible idea. First of all I work at night. If there was a receptionist there I would have gone up her skirt and had the keys to the whole building and had her make me breakfast in bed the following day. And if the security guard had on a skirt it would have been his lucky day too.
I would say hello to the security guard, and the receptionist, and tell her why I'm there. The late night employee was not there yet. It was not late night.
Nice work on this video, I see what you did here, and I applaud it. These tenets (A social engineer can make their reality whatever lie the world is willing to be sold on.) apply for so many other issues {aptly}which have nothing to do with the subtle entry game. Well Done Sir.......
Eh! You still didn't get it. He made us do his job for him (putting all of our creativity to work on his behalf so he doesn't have to think up novel ways to do penetration testing -- and instead, can make people who aren't in that industry, and perhaps one of us is remarkably creative, to think up something for him).
Can you talk about wether or not tattoos mess up a pretext, I want to get one but I also want to do what you do and I feel tattoos would counter active when I’m trying to play a part
Dress up like a janitor no one pays attention to the janitor. Or, wear a suit and have confidence. You would be amazed what you can do with a well fitting suit and confidence. Why do you think James bond wears one?
1. Assuming that a security guard wouldn't have much intimate knowledge of the employees, I could take advantage of their implicit bias by dressing up in what could be perceived as stereotypically "gay" clothing, carrying some fancy, healthy looking packaged meal from a local take-out restaurant. I would say I'm here to bring my partner some food. If questioned further, I would simply state that my partner requested I keep our relationship personal and that I would just be dropping it off at reception, and maybe giving my partner a quick hello if I happened to bump into him. 2. I would register a shell not-for-profit corporation and make a simple but fancy looking website advertising it as some kind of free training for the benefit of society (e.g. diversity training, sexual harassment training, social justice, etc.) I would then market myself towards the company, selling myself as a no brainer: it's free and it will help your company culture. An appointment will be made to conduct the training. I will "accidentally" park my car near the back entrance and ask to be let in that way. After conducting my "training", I will either conduct my covert business immediately, or find a place to hind until the coast is clear. I will have an associate drive the car away. Because I asked to be. let in from the back and since my car has driven off, they won't be suspicious about my not leaving as they will have assumed I simply left through the back. inadvertently
But why not just walk back in on the phone with your "lunch" (ideally) while talking to another person in which you both just act like you belong there. Acting natural takes only watching others walk in and then 'owning it.' With ANY of those 3 employees names, (and a few of key people in the company, manager, CEO, etc) you could just flip the script, say hi to them and be offended they don't remember you yet.
Is it smaller or further away? Not taken into account in the first optical illusion question is the positioning of the circles in relation to the viewer’s eye. The blue circle is central to the screen and the red circle peripheral. I am mono-ocular and my viewing eye is positioned centrally in the screen making it appear larger even before the other optical trickery comes into play, but even for those with binocular vision the blue circle is still central to vision and so has a size advantage.
Great video! I didn't take your lie at face value, but hey, I would probably fall for social engineering. 1) Security guard: I'm working on the elevators. I was told the maintenance room was with the servers. I can't seem to find them though. Could you take me there? 2) Receptionist: My friend forgot their USB drive. They told me they couldn't meet me down here because they were busy and asked me to bring it to them. They said it had really important stuff on it. Could you tell me where room 2169 is? 3) Late night employee: I fell asleep in the bathroom. My badge won't let me back into my office since its so late. My office is one the 3rd floor. Could you let me in? I need to improve on pretext
Ask for a tour clone an authoritative rfid receptionists can’t do much show them some legal document for some inspection and oh I have so many water meters to check today I gotta go fast “ok!” Late night employee says “who the fuck are you” whoa I’m just a janitor *pulls mop out of ass
Security guard is easy. Stay calm, stay confident, get his attention quickly and approach him. Tell him when you left your office you dropped something like a flash drive with important information on it and you need help finding it. (Seem irritated)Trust me he would rather do nothing than help some White dude look for his shit. Know the companies in the building that have the most random employees or visitors with limited access. The only thing he will ask you is what company you are with.. dont fumble the ball there. It's all he will ask because he has to pretend to care.
You're giving them too much credit. This is not a blackwater guard. This is a dude making minimum wage. The more you explain and pretend like they have power, the less credible it is that you actually belong there. Mocking them would be more credible.
I've got one: "One of my fists punches harder than the other, is it the left? [SMACK!!] or the right?" [SMACK!!!] If the guard is smarter he'll probably be out for the count, if he's thicker then he'll ask for the test again!
Did anyone actually decide in that short time which circle they thought was bigger? They look the same size, so someone would have to be drastically delusional to think they perceived one being larger than the other. Perhaps the simple lie which was sold was when the narrator claimed he was likely able to get us to convince ourselves one was larger than the other, and he reinforced it by basing a whole video around it. All we have here is an example of failed social engineering, where he tried to trick people and very few people fell for it. But, maybe he engineered you into thinking the example was a good one? Am I the only one who passed the test?
Definitely not the only one to see through that. Most people interested in security (by profession or casual interest) will be conditioned to be sceptical and curious, so I suppose most have seen countless optical illusions (because it is an adjacent area)
Asking people to make a choice between two false answers than think about option C: the tester is lying, is a common social engineering tactic. Another tactic is when people start to see through a lie, a second plausible lie is added to keep them in line.
I wondered why you were lying about the size of the circles... If you had said instead that you would give us the answer at the end I might have started doubting. As for the challenge... The exact approach would depend on the organisation I was attempting to gain entry to. Visitor, contractor, 3rd party vendor, cleaner, employee from a remote site,...
@@kevincarter7102 I don't remember editing it, but if I did it was within seconds of writing it (and possibly due to Autocorrect switching English for American). Might I suggest in future that if you don't have something constructive to add, perhaps you shouldn't. Edited to add this to see if it is marked as edited, and it is. So, no I didn't edit it.
@@kevincarter7102 "yu probable eddited"... That's three mistakes in three words. And you dare say something about other people's spelling... when there are absolutely no mistakes in their text. You are the only one using broken English here. First learn English, then check your eyes. And avoid remarking about other people's spelling anyway. Criticizing form over substance is an obvious attempt to appear intelligent while contributing nothing of value, not to mention silencing those less privileged (either for lack of a good education, or because of handicaps such as dyslexia). Just keep your crass, misplaced elitism to yourself. You will save yourself further embarrassment.
![[57] The Power of Pretext](http://i.ytimg.com/vi/ZcFy4_cxSU0/mqdefault.jpg)
![[57] The Power of Pretext](/img/tr.png)
![[61] Covert Entry Tool Tierlist](http://i.ytimg.com/vi/7FullVIDj9o/mqdefault.jpg)
![[58] The Red Team Tactics of Among Us](http://i.ytimg.com/vi/aHGo6mvy4Gs/mqdefault.jpg)
![[60] I was Hired to Legally Break into a Company](/img/n.gif)
I'd probably use Deviant's classic elevator example. Grab a metal clipboard, show up pretending to be an elevator repair tech, act bored, turn off elevator, and use it as your own personal base of operations.
Easy, I would knock on a wall then hide in a box. After he says "what was that noise" and "just a box" I will follow behind him and sneak in before he gets back to his default position.
Presuming I've dressed the part of a professional with my Saunders aluminum sheet holder, I may walk up to the security guard and ask him "on a scale of 1-10 what he would rate his situational awareness at?" Maybe another question or two for good measure. I would then write his answers down on a pre-fabricated security auditing worksheet complete with a dummy security auditing company logo and website URL which goes to a dummy website I made. I would then casually walk away and jiggle some locks checking some boxes on my worksheet. Presuming he takes the bait and asks what I'm doing, I'd let him know I'm conducting an audit of the penetration test presently under way, hand him the card, and invite him to check us out online. I'd pull out my CH751 or whatever to unlock a little wafer lock I was sure it would work with and then lock it back right in front of him, I'd shake my head right and left, while noting that the lock was easily defeated on the work sheet. "heh, You guys haven't even re-keyed the locks, you really went that extra mile on security didn't you?"
Meh, I dunno, probably too elaborate. I'd have to think about it a little while longer but if you hide in plain sight, and give them believable props you can suspend their disbelief, and they don't blink twice about what you're doing. I used to get into parties for free that way through service entrances as a photographer in a similar manner because I had some business cards, a lanyard, and a decent digital SLR. I had to explain my presence a couple times but usually was just left to roam afterwards. It was fun :)
Step 1: the pledge
Step 2: the turn
Step 3: the prestige
@@notapplicable7633 [no.i'mnothereyousee.]
Nice to know I am sceptical about these simple problems when they are proposed like this. I wonder if i can keep that up in real life though.
I immediately sized both circles up in my head, understood the patttens are an illusion and surmised they were both of equal diameter. Ngl low key proud of myself. But I fully understand your point.
A fake badge and confidence that I'm where I'm supposed to be. Also probably dress for the occasion like a maintenance helmet and/or some brown janitors clothes, copying somebody low on the chain. Saying you're new and/or being kind goes a long way so I'd probably use that.
Pending on the size of the business / building.
Janitors are not something they have a lot of, so this is unlikely to fool (especially) the janitor.
@@trumanhw true, it won't fool the janitor, but they aren't the target. There are very few people to actually make friends with the janitors, maintenance, etc. Depending on the objective, you can literally just pay an employee to plug in a USB stick without infiltrating yourself, however, the confidence is key when undercover.
Sure, I'll do your job for you. ;-)
The security guard (almost invariably UTTERLY INCOMPETENT people, so if you're not avoiding them but deliberately engaging and duping them -- knowing only their name I'd use a rouse as though either I were replacing them because they'd been fired or were needed in another location (acting like I just got off the phone) with someone, and have a duffle bag with me which allegedly has my uniform in it.
Receptionist depends on the size of the company: but with the make and model of her car you can say "does anyone up here have a _________ ..? It was (either hit or being towed) tell her you dn't mind waiting until she's back for your appointment to be processed.
LNE:
Pretend like your key isn't working, you're on the phone with someone important and apologize profusely for making him come down in the middle of the night (in ear shot) such that you guilt him in to the desire to be helpful.
(next time I'm going to charge you for this).
You near los angeles?
Not often I agree with everybody's Game plan. I might go as far as saying yours is better than mine. Golf clap in a circle. Well played
@@kevincarter7102 who are you Kevin Carter
@@sb.8klol. you're not the first person to ask me that this week. I am a good man's best friend and a bad man's worst nightmare.
I was just being nice. My therapist told me to try it more often. But that is a terrible idea. First of all I work at night. If there was a receptionist there I would have gone up her skirt and had the keys to the whole building and had her make me breakfast in bed the following day. And if the security guard had on a skirt it would have been his lucky day too.
i think lots of people need to become aware of such things.
I would say hello to the security guard, and the receptionist, and tell her why I'm there. The late night employee was not there yet. It was not late night.
so heres an easily over looked vector to all 3 of the challenges: get a job at the place, any job, boom your in.
Nice work on this video, I see what you did here, and I applaud it. These tenets (A social engineer can make their reality whatever lie the world is willing to be sold on.) apply for so many other issues {aptly}which have nothing to do with the subtle entry game. Well Done Sir.......
Eh! You still didn't get it. He made us do his job for him (putting all of our creativity to work on his behalf so he doesn't have to think up novel ways to do penetration testing -- and instead, can make people who aren't in that industry, and perhaps one of us is remarkably creative, to think up something for him).
How to get past the three people?
Agent 47 taught me everyone needs to go pee, every 5 mins. Just wait.
Thnx :D
I so love this channel!
Urgently needing to use the bathroom usually works. If met with resistance start undoing your pants lol.
Nice
Can you talk about wether or not tattoos mess up a pretext, I want to get one but I also want to do what you do and I feel tattoos would counter active when I’m trying to play a part
You got me (:
Dress up like a janitor no one pays attention to the janitor. Or, wear a suit and have confidence. You would be amazed what you can do with a well fitting suit and confidence. Why do you think James bond wears one?
1. Assuming that a security guard wouldn't have much intimate knowledge of the employees, I could take advantage of their implicit bias by dressing up in what could be perceived as stereotypically "gay" clothing, carrying some fancy, healthy looking packaged meal from a local take-out restaurant. I would say I'm here to bring my partner some food. If questioned further, I would simply state that my partner requested I keep our relationship personal and that I would just be dropping it off at reception, and maybe giving my partner a quick hello if I happened to bump into him.
2. I would register a shell not-for-profit corporation and make a simple but fancy looking website advertising it as some kind of free training for the benefit of society (e.g. diversity training, sexual harassment training, social justice, etc.) I would then market myself towards the company, selling myself as a no brainer: it's free and it will help your company culture. An appointment will be made to conduct the training. I will "accidentally" park my car near the back entrance and ask to be let in that way. After conducting my "training", I will either conduct my covert business immediately, or find a place to hind until the coast is clear. I will have an associate drive the car away. Because I asked to be. let in from the back and since my car has driven off, they won't be suspicious about my not leaving as they will have assumed I simply left through the back.
inadvertently
You could be on my team any day. The B Team I send to the building I'm not in to draw the heat.
But why not just walk back in on the phone with your "lunch" (ideally) while talking to another person in which you both just act like you belong there. Acting natural takes only watching others walk in and then 'owning it.'
With ANY of those 3 employees names, (and a few of key people in the company, manager, CEO, etc) you could just flip the script, say hi to them and be offended they don't remember you yet.
I like your channel so much, I don't skip the ads in hopes it will pay slightly better.
Just pay 11.99 you don't have to skip the ads. They go bye bye. Worth every penny. I'd pay 22.98 all day long.
@@kevincarter7102 that helps youtube but not this guy
@@Andyblalock Actually, it helps both. Monetized channels get paid a share with people with UA-cam premium watch their videos.
I always use the ventilation ducts.
Lol... The circles looked the same and I would have said so
Joke's on you, I figured that it was a trick question. ^^
Is it smaller or further away?
Not taken into account in the first optical illusion question is the positioning of the circles in relation to the viewer’s eye. The blue circle is central to the screen and the red circle peripheral.
I am mono-ocular and my viewing eye is positioned centrally in the screen making it appear larger even before the other optical trickery comes into play, but even for those with binocular vision the blue circle is still central to vision and so has a size advantage.
Why?
Great video! I didn't take your lie at face value, but hey, I would probably fall for social engineering.
1) Security guard: I'm working on the elevators. I was told the maintenance room was with the servers. I can't seem to find them though. Could you take me there?
2) Receptionist: My friend forgot their USB drive. They told me they couldn't meet me down here because they were busy and asked me to bring it to them. They said it had really important stuff on it. Could you tell me where room 2169 is?
3) Late night employee: I fell asleep in the bathroom. My badge won't let me back into my office since its so late. My office is one the 3rd floor. Could you let me in?
I need to improve on pretext
Huh?
Ask for a tour clone an authoritative rfid receptionists can’t do much show them some legal document for some inspection and oh I have so many water meters to check today I gotta go fast “ok!” Late night employee says “who the fuck are you” whoa I’m just a janitor *pulls mop out of ass
Forgot the security guard just use the water inspection document I guess, I’m completely new to this btw
Security guard is easy. Stay calm, stay confident, get his attention quickly and approach him. Tell him when you left your office you dropped something like a flash drive with important information on it and you need help finding it. (Seem irritated)Trust me he would rather do nothing than help some White dude look for his shit. Know the companies in the building that have the most random employees or visitors with limited access. The only thing he will ask you is what company you are with.. dont fumble the ball there. It's all he will ask because he has to pretend to care.
You're giving them too much credit. This is not a blackwater guard. This is a dude making minimum wage. The more you explain and pretend like they have power, the less credible it is that you actually belong there. Mocking them would be more credible.
i came here to chew bubble gum & kick some ass.. and i'm all outta bubble gum...
I've got one: "One of my fists punches harder than the other, is it the left? [SMACK!!] or the right?" [SMACK!!!]
If the guard is smarter he'll probably be out for the count, if he's thicker then he'll ask for the test again!
But I told but are same.
So you not got a good example
Did anyone actually decide in that short time which circle they thought was bigger? They look the same size, so someone would have to be drastically delusional to think they perceived one being larger than the other. Perhaps the simple lie which was sold was when the narrator claimed he was likely able to get us to convince ourselves one was larger than the other, and he reinforced it by basing a whole video around it. All we have here is an example of failed social engineering, where he tried to trick people and very few people fell for it. But, maybe he engineered you into thinking the example was a good one?
Am I the only one who passed the test?
Definitely not the only one to see through that. Most people interested in security (by profession or casual interest) will be conditioned to be sceptical and curious, so I suppose most have seen countless optical illusions (because it is an adjacent area)
Asking people to make a choice between two false answers than think about option C: the tester is lying, is a common social engineering tactic.
Another tactic is when people start to see through a lie, a second plausible lie is added to keep them in line.
i mean, if you can lay out all these possibilities and consider the choices, you have already ran over the engineering with a truck
Who is this channel for? Burglars?
Who are you, a smoke criminal?
@@amihirata ahahah, no I was just wondering who your channel is meant for, actual lock pickers or ppl who pick locks as a hobby, lol...
@@thesmokecriminal5395 pretty sure pentesting is a legitimate skill that companies pay quite a lot for.
I wondered why you were lying about the size of the circles... If you had said instead that you would give us the answer at the end I might have started doubting.
As for the challenge...
The exact approach would depend on the organisation I was attempting to gain entry to. Visitor, contractor, 3rd party vendor, cleaner, employee from a remote site,...
Looks like spelling is your challenge..
@@kevincarter7102 given that I can't see any spelling errors in my comment I would love for you to please point them out to me.
@@adammorris8112 yu probable eddited it
@@kevincarter7102 I don't remember editing it, but if I did it was within seconds of writing it (and possibly due to Autocorrect switching English for American).
Might I suggest in future that if you don't have something constructive to add, perhaps you shouldn't.
Edited to add this to see if it is marked as edited, and it is. So, no I didn't edit it.
@@kevincarter7102 "yu probable eddited"... That's three mistakes in three words. And you dare say something about other people's spelling... when there are absolutely no mistakes in their text. You are the only one using broken English here.
First learn English, then check your eyes. And avoid remarking about other people's spelling anyway. Criticizing form over substance is an obvious attempt to appear intelligent while contributing nothing of value, not to mention silencing those less privileged (either for lack of a good education, or because of handicaps such as dyslexia).
Just keep your crass, misplaced elitism to yourself. You will save yourself further embarrassment.