lapis

Understanding is rooted in truth, but truth does not reveal itself on its own

Unnecessary Evil - Passive Social Engineering

date: December 22, 2022
slug: 12
status: Published
tags: Unnecessary Evil
type: Post


Let's start with a definition:
Social engineering is a discipline that studies how to achieve goals by manipulating social relationships, beliefs, customs, perceptions, and behaviors. Social engineers typically use psychology, sociology, economics, and technical knowledge to solve problems. Social engineering and hacking are two intersecting fields, and social engineering is one of the required courses for hackers. Social engineering places more emphasis on the value of the word "social."

This article mainly focuses on passive social engineering, which refers to social engineering activities carried out without actively engaging with the target.

The internet is a place of infinite magic, vastness, and interest. Countless pieces of information are generated, consumed, and forgotten every day, but they do not disappear. It is very difficult to truly delete something on the internet, but it is easy to trace it.

OSINT Framework

http://www.lapis.cafe/wp-content/uploads/2022/12/%E7%A4%BE%E5%B7%A5%E4%BF%A1%E6%81%AF%E6%94%B6%E9%9B%86%E6%80%9D%E8%B7%AF-watermark.png

Suppose I encounter a target on a social platform and want to obtain their information. How should I proceed?

1. Check if the person's username overlaps with other platforms such as Baidu, Google, Bilibili, Weibo, etc. (this can be very effective at times)
2. Check if the social platform is linked to other accounts (for example, the user's profile may be linked to a Weibo account)
3. What works or comments has the user posted on this social platform? Can any useful information be extracted? Can the scope be further narrowed down?

In general, as long as the target is not using an alternate account on the current social platform, the gains from social engineering can be significant. Even alternate accounts can be used to check the list of followers. If there is only one account in the list, there is a high probability that it is the main account.

Once you obtain the phone number/QQ number/WeChat ID (Weibo ID can be indirectly useful), opening the box becomes very simple.
