Chapter 4. Social Engineering
As patching becomes more routine and secure coding practices are adopted more, the chances of getting 1337H4XX are reducing significantly. However, as we all know, there's no patch for stupidity or admin oversight. Social engineering will always be a relevant skill; it's telling that most companies don't test for it because they know that there's nothing that can be done. For the time being anyway, the singularity is always around the next corner and I, for one, welcome our new robot overlords.
The ability to convince other people to do something on your behalf is not to be sniffed at. It's also pretty difficult to practice. I'd love to give you a method of conning people into doing things in a controlled environment, but it's pretty difficult to do. Once a person is aware of the potential for them to be socially engineered, they act differently and it defeats the point of the test. You may argue that security personnel...
