#SocialEngineering, #Psychology, #HUMINT & #OSINT intertwined for the sake of security. Exec Board @OSINTCurious
Jan 14, 2022 • 17 tweets • 4 min read
As I was on an international train ride today, a couple sitting nearby tried to casually steal my luggage.
Let's see what we can learn from it 🧵
Upon entering my train, I notice a couple looking me up from head to toe, & saying something in another language. I shrugged it off
...people look at people for all kinds of reasons. I left my bag at the allocated luggage section of the train & sat nearby. Business attire. They kept looking and talking. I took my book out and started reading, but as they were sitting diagonal across me, I could still see them
Dec 4, 2020 • 5 tweets • 2 min read
A must read for any intelligence analyst but also anyone interested in improving their critical thinking processes.
There are many good books out there but not many are THAT good!
This is one I keep recommending:
"A basic finding of cognitive psychology is that people have no conscious experience of most of what happens in the human mind. Many functions associated with perception, memory and information processing are conducted prior to and independently of any conscious direction."
Jul 12, 2020 • 11 tweets • 4 min read
Sunday's fun fact on inferences:
Arthur Conan Doyle's fictional character "Sherlock Holmes" is based on his real-life professor under whom he studied medicine, Dr. Joseph Bell.
"It is most certainly to you that I owe Sherlock Holmes and though in the stories I have the advantage
...of being able to place Sherlock in all sorts of dramatic positions, I do not think his analytical work is in the least exaggeration of some effects which I have seen you produce in the outpatient ward"
wrote Conan Doyle in a letter to Dr. Bell.
Jan 20, 2020 • 10 tweets • 3 min read
By applying a little bit of strategic thinking, you realize that there is a lot more one can do to defend against #SocialEngineering than awareness training alone. Here is a visualization, based on a typical SE attack kill-chain:
(thread 🧵 1/10)
Phase 1:
🔸SEs gather information & plan the attack scenario/seek entry points.
To prevent them, defenders can:
🔹Seek to understand their public information exposure & its potential consequences (e.g. by conducting an OSINT investigation on their org) in order to manage it