// BLOG
The Problems with Hypnosis and Social Engineering
May 9, 2011
My newest column is up on EthicalHacker.net. Actually, I should probably call it my newest “rant”, as I really somewhat went off about the problem with some people who are making themselves experts in social engineering using hypnosis as part of their background.
For those who know my background, you probably know that I’m not exactly one to talk here. But, as I said in my article:
In short… if you’re learning social engineering and the person is trotting out hypnosis as the primary reason that they’re good at it, examine their other credentials VERY closely. Expect that they can back up their work, and that they can tell you the difference between hypnosis and social engineering and how the two skill-sets translate.
In the column, I didn’t really lay out that correspondence appropriately. Hypnosis can be a useful skill-set for someone who wants to be a social engineer in that:
- Learning hypnosis teaches you to be incredibly sensitive to the impact of your communication on another person
- Language patterns in learned and used in hypnosis CAN BE very effective in social engineering scenarios (though, if you do it wrong, you end up sounding like Ross Jeffries).
- If you can find a trainer who is aware of framing to the level that they can teach the implicit frames involved in hypnosis, you can separate out the frame related components from those that aren’t
Finally, a THA Frequently Asked Questions page!
April 14, 2011
Just a quick post this time around, to announce: our Frequently Asked Questions page!
That’s right…we finally got around to compiling a list of the most frequently asked questions, and have turned it into a nifty page with all the answers. For prospective customers, this exhaustive list will any and all questions that most might have.
To check it out, just head over to the FAQ Page itself. Have extra questions that aren’t covered? Easy – just shoot us a message at supp...@thehackeracademy.com
Cheers,
The Hacker Academy Team
THA Free Live Webinar: Social Penetration, April 14th @ 1:30 pm ET
April 7, 2011
The next webinar in our free live webinar series is scheduled for next Thursday! This time around, Mike will be talking about social penetration. This presentation will focus on the methods of delivery of those attacks through/over the web in order to exploit users with XSS, XSRF and more.
While I know we let the cat out of the bag that we’re incorporating a new Webinar System to use for you guys – we’re unfortunately still in the process of fully integrating it properly and completely. So, for now – we’ll still be using our older system – BUT, we’re happy to announce NO MORE DUMB SESSION CODES (for those who have joined us before)! Woot – no more confusing codes to enter to join the webinar – sweet! Check out the Webinar Details below.
Time/Date details:
THA Free Webinar – Social Penetration
Date: 2011-04-14 (Thurs. April 14th, 2011)
Time: 01:30 PM (Ed. This used to be set for 2 pm ET – has been changed)
Time zone: (UTC-05) Eastern Time (US + Canada)
Cost: Free
To join us for this 1 hour free webinar, Click Here to sign up to receive attendence information.
Note: if you’ve previously signed up for our webinars, there is no need to sign up again – you will have already received an invite to register via email.
Two New THA Network Pen Testing Modules to Start April!
April 4, 2011
Both Jeremy Conway and Dan Frye release modules for the start of April – 2 brand new modules in Network Penetration Testing.
Jeremy explains his module on Passive OS Fingerprinting:
“Passive operating system fingerprinting is a method for passively detecting the operating system of a remote host based on certain characteristics within that host’s network stack. Due to the passive nature of this analysis, the remote system being fingerprinted cannot detect this style of reconnaissance. In this learning module we will examine several common metrics utilized to perform passive operating system fingerprinting and some of the most common applications and/or tools that can perform this type of reconnaissance.”
Dan explains ARP Attacks and Intro to EtterCap:
“Address Resolution Protocol (ARP) attacks on a LAN are one of the most significant types of attacks employed by pentesters due to its ease of execution and the effects to other hosts on the LAN. In this module we’ll review the basics of how ARP works, the reasons why ARP attacks are so successful, and introduce students to Ettercap, the “swiss army knife” of ARP poisoning attacks.”
The modules are an awesome way for our members to start of Spring – nice job, Dan and Jeremy!
Remember, if you’re interested in becoming a member, hop by our membership page for more info.
Cheers,
The Hacker Academy Team
New Cutting Edge Module: ProxyChains – the Ultimate Proxifier!
March 29, 2011
Jeremy Conway’s put up a new Cutting Edge module for the end of March, here. In this new module, Jeremy covers using chained proxies to make attacks harder to trace.
Jeremy explains:
“The art of proxy chaining is merely connecting through more than one proxy and then to your intended destination or target. In general this technique can aid us in becoming tougher to trace and/or aid us in becoming more anonymous. ProxyChains is an easy to use program that forces any TCP connection made by any given TCP client to follow through a proxy or proxy chain. ProxyChains can be summed up as literally a “Proxifier” for non-proxy aware applications. ProxyChains currently supports the following proxies: SOCKS4, SOCKS5 and HTTP(s) making it an extremely versatile tool for any pen tester.”
Jeremy loves proxies so much – he even makes up his own words for them (proxifier 
).
Remember, if you’re interested in becoming a member, hop by our membership page for more info.
Cheers,
The Hacker Academy Team
