Emotions as human detection & defence

Like most people working in IT or information security, or just with computers in general, you’ll often receive questions on how to protect against phishing attacks, scams or similar attempts to deceive a person. The questions originate not from clients with whom you work professionally, but most often from friends, family & other people that overheard you know something about computers. I’ve been struggling for a long time with formulating an answer that would increase the resiliency of these people in a manner that doesn’t depend on providing details of ‘the attack that currently dominates the news cycle’.

With this blog post my goal is not to raise awareness, but to provide people with a tool that they can use to defend themselves from attacks when technological measures fail or are not properly configured as well as analog scams or other fraudulent attempts. I’ve also come to the conclusion that maybe it’s not so much about what you know about attacks, but how you FEEL when being attacked, that can make the difference between becoming a victim or not.

Keep in mind that this is not a silver bullet and even with all the knowledge in the world you can still fall victim to attacks. Not because attackers are necessarily always smarter than you, but because everyone has a bad day. Sometimes attackers get lucky and everything aligns perfectly, with the end result of still falling victim to an attack that manipulated you into doing something you didn’t even want to do, to begin with. If and when this happens don’t feel ashamed, it happens to all of us.

Please note that I’m not a psychologist, but just a random person that has executed these attacks in the past and as a hobby is curious about human nature, their emotions and how people react. It may very well be that my approach is very wrong; if this is the case, please do tell me. So far, the results have been promising and people with whom I’ve attempted this approach seem to be more resilient against attacks, even when they are not intimately familiar with the details of how the attack technically works.
This is by no means a grand claim on how well this works, since the pool of people that I explained this to and which tried to apply this themselves in their daily life is less than five.

Keep on reading if you are curious about using your emotions as a defence mechanism. If you prefer the attack side of this subject, you can also read past blogs of mine on the subject of social engineering as part of different types of attacks here, here and here.


Random thoughts on physical security measures

Lately, I’ve been drawn to do some desk research and limited hands-on testing of physical security measures. I’ve written about this subject before; you can find the article here. However, that article was written from the perspective of using social engineering to get into target locations during daytime. Which was always lots of fun to do!

This time I was wondering much more about: what if you want to get in at night, while all the security measures are in place? If you wonder why, well, for one because it is fun to do this type of breaking & entering legally and also because there are a ton of gadgets or potential gadgets.

This blog is mostly intended to make sure I don’t forget about all kinds of possibilities to break into facilities while all the security measures are enabled. Always useful to talk to yourself in written form, right (hence the feeling that it might feel like ramblings, if you decide to read on)? This blog is not intended to determine if physical attacks are the most appropriate attacks to execute, since most attackers nowadays are doing almost everything remotely. At least that is the current view on threat actors as far as I can tell from public sources.

Keep in mind that I’m no expert on this subject and that most of these options have only been desk researched and others are sort of a hobby for me. Basically: I am pretty sure I’m gonna be wrong in a couple of places. Feel free to leave better suggestions in the comments.

  1. Protection categories / levels / grades
  2. Physical damage makes life easier
  3. Reconnaissance & technical understanding are key
  4. Cables are underrepresented
  5. Tempest / physical clamping is underrepresented
  6. Alarm (detector) bypasses
  7. Seeing through walls/plastic works
  8. Miscellaneous
  9. References