With the ability to write your own plugins for King Phisher, basically the possibilities for what YOU want King Phisher to do have fallen into your hands. During the newer release for King Phisher, the development team has incorporated the ability to add your own plugins to allow customization on what you'd like the phishing tool to do. For example, we've started a plugin ... READ MORE
Gotta Vish ‘Em All: Managing a Large Vishing Engagement
I was recently tasked with managing a rather large vishing campaign targeting a major financial institution. Normally when we get these kinds of campaigns, we're tasked with making ten to fifty phone calls (whether or not someone answers) and report the results. This campaign differed in that we had to talk to 100 individuals. Now it doesn't sound so bad, right? In reality, our ... READ MORE
Identity Legitimacy: Making Your Own ID Badge
A big part of performing any sort of physical penetration assessment involves a little bit of social engineering. More often than not, we choose to spoof a legitimate employee or vendor to attempt to enter the facility. Now, simply saying that you are Joe Schmo from Corporate isn't likely to get you very far. A successful tester will have to look the part, dress the part, and, ... READ MORE
War Room Talks @ B-Sides Cleveland 2016
Video credit: Adrian Crenshaw, @irongeek_adc Process Ventriloquism with ZeroSteiner A Rookie PoV The Hollywood Fallacy with H3llcat ... READ MORE
Pretexting: Your Targets Want to, They Just Don’t Know it Yet
When conducting a social engineering engagement, be it in person or remote, your pretext can mean life or death for your engagement. First off, let's define what a pretext is. A pretext is your story. Who you are, the company you work for, your purpose, even down to how many kids you have, their names, the car you drive, etc. Depending on how far you need to go, having details ... READ MORE
Register Now for the RSM Capture The Flag 2016
We here at the WarRoom love this time of year as it's time for our annual Capture the Flag event. This year, we're working with Akron University and opened the CTF to both undergrad college and high school teams. Here's a little bit of the details: High School Students College Students High school students in grades 9-12. Teams will consist of 1 to 4 ... READ MORE
Becoming a Master Template Creator with Jinja2: Getting Started
My last blog was a primer for getting into scripting web templates using Jinja2. In this next blog (part two of an intended four-part series) we'll get started by installing the necessary dependencies, setting up a directory, and starting to build our site. Installation Before we get started, it's important to note I'm running Ubuntu Gnome 15.04, so the majority of commands ... READ MORE
Beer:30 – Physical Security Assessment
Our very own patchwork talks about conducting a Physical Security Assessment for RSM's Beer:30 web series. ... READ MORE
WarRoom Revisited
Last year, one of our visions became a reality with the rollout of our technical blog, the War Room. Our original intent was to create a space where any of us could write about topics we were learning or that others might find beneficial. It was a little bit of a learning experience at first, but we were able to publish our first post in September, 2014. What we didn't ... READ MORE
Becoming a Master Template Creator with Jinja2: Introduction
In my previous line of work, I made a living as a web developer. My time was spent building websites in content management systems, customizing the front end for clients and ensuring the back-end was usable and worked as intended. Today, I mostly tap my front-end developer experiences for building websites for use in social engineering campaigns. As we don't use content ... READ MORE