lapis

lapis

理解以真实为本,但真实本身不会自动呈现
HomeArchives关于

Unnecessary Evil - Passive Social Worker

#非必要之恶99
AI Translation
This post is translated from Chinese into English through AI.View Original
AI-generated summary
The article discusses passive social engineering, which involves conducting social engineering activities without actively communicating with the target. It emphasizes the value of the "social" aspect and provides strategies for gathering information about a target on social media platforms. The article also mentions that obtaining a target's phone number or social media accounts makes the process easier.

Unnecessary Evil - Passive Social Engineering

date: December 22, 2022
slug: 12
status: Published
tags: Unnecessary Evil
type: Post

Unnecessary Evil - Passive Social Engineering#

2022-12-22 2 min read [# Unnecessary Evil]

Let's start with a definition:
Social engineering is a discipline that studies how to manipulate social relationships, beliefs, customs, perceptions, and behaviors to achieve goals. Social engineers typically use psychology, sociology, economics, and technical knowledge to solve problems.
Social engineering and hacking are two intersecting fields, with social engineering being a mandatory course for hackers. Social engineering places more emphasis on the value of the word "social."

This article mainly focuses on passive social engineering, which refers to social engineering activities conducted without actively communicating with the target.

The internet is a place of infinite wonders, vastness, and endless fascination. Countless information is generated, consumed, and forgotten every day, but it does not disappear. It is extremely difficult to truly delete something on the internet, but it is easy to trace it back.

OSINT Framework

http://www.lapis.cafe/wp-content/uploads/2022/12/%E7%A4%BE%E5%B7%A5%E4%BF%A1%E6%81%AF%E6%94%B6%E9%9B%86%E6%80%9D%E8%B7%AF-watermark.png

Suppose I encounter a target on a social platform and want to obtain their information. How should I proceed? 1. Does this person's username overlap? Search on platforms like Baidu, Google, Bilibili, Weibo, etc. (this can be very effective at times) 2. Is this social platform linked to other accounts? (For example, the user's homepage may be linked to a Weibo account) 3. What works or statements has this user posted on this social platform? Can any useful information be extracted? Can the scope be further narrowed down?

In general, as long as the target is not using an alternate account on the current social platform, the gains from social engineering will be significant. Even alternate accounts can be used to query the list of followers. If there is only one account in the list, it is highly likely to be the main account.

Once you obtain the phone number/QQ number/WeChat ID (Weibo ID can be indirectly useful), opening the box becomes very simple.

Loading...
Ownership of this post data is guaranteed by blockchain and smart contracts to the creator alone.