So today I wanted to talk about breaking into places.

Often, like castles, organisations are built to keep people out - so how do you actually get in?

A thread 🧵 First up is the assumption someone can't get in. At the core of the problem, this is the misunderstood aspect that will result in failure.

An organisation creates a space that is deemed secure and follow traditional processes to secure the premises - locks, fences, cameras.

@Namecheap So it wouldn’t be possible for you, a person on the social media channels to take the details from a tweet (social media) and put that information into your own system?

See you’re using sprout social, so you just open up another tab and paste in the URL.

I’ll help you if stuck. @Namecheap You don’t have to investigate this so don’t worry. I’m sure we will get the information from the tweet to the right team together.

When you go to the report you will see this, click the ‘abuse’ radio button then next. I’ll wait here for the next tip if you are unsure.

There are lots of people claiming to be social engineers over the last few years. It’s good to see an industry expand.

But can I offer some words of advice... some may feel this is gatekeeping, but please see it as the guidance it’s intended to be. 1) You do an SE job and it goes OK. You are not The Flash. You do not have a superpower.

Companies have neglected this area of security. It’s all broken. You were able to traverse security because it was probably weak. The 19 year old receptionist isn’t Sun Tzu.

One of the weirdest things we do as social engineers is impersonate other people. It allows us access to some amazing places... but let me tell you a story about how this occurs. Social Engineers rarely just rock up... This one job starts with scouring LinkedIn. Helped by the human desire to boast and share we manually make a list of 200 people that show an affiliation to our target company.