No Tech Hacking is a concept defined by the use of techniques that do not rely on technological devices to support the attack, and which are commonly used to test the physical security of a target. The techniques that revolve around it are based on social engineering, since many of them require human interaction.
Because the human factor is involved, the individual needs a skill within social engineering that we call reverse social engineering, which is considered the most advanced form of social engineering for collecting information. The individual has to impersonate another character and act physically on the scene, coaxing their targets with face-to-face techniques in order to solve the problem they caused, relying on their boldness and ability to deceive their victims.
The types of No Tech Hacking are:
- Dumpster Diving
This is rummaging through a corporation's waste in search of information such as reports, contracts, employee grade, or any relevant company data (a subject treated at length in the film Hacker 2 – Operation Takedown). The exploitation is only possible because the company did not dispose of its rubbish properly, for example by using a shredder so that the documents cannot be read if they are pulled from the waste. This data can be used for internal infiltration with false credentials, and for carrying out indirect and direct social engineering attacks.
- Shoulder Surfing
Translated literally, the term means “surfing on the shoulders”, which evokes a person spying on or snooping at data on a target's terminal or device. It can be considered the act of watching keystrokes or viewing applications (icons / tools) on the target's desktop to obtain credentials, logins, emails, or any data that can be used to start some kind of attack. Attacks that can follow in this scenario include searching for exploits for the target's OS or for a specific application running on the machine, brute-force attacks against the account logins observed, and collecting personal information, among others.
This is the art of circumventing any lock or device that can give you physical access to a site (such as locks, doors, gates, etc.). Access to local servers protected by joint locks, or to privileged places within the organization, can present great risk in a physical attack in which valuable information is taken from Bk servers. See the full article we wrote about the details of this technique.
This is a means of gaining unauthorized access to private places through elements of social engineering. It is where reverse social engineering is used, with the intention of gaining the target's trust through kindness or through a position of authority that the attacker assumes (for example, wearing a suit and using false credentials).
Despite being a rarely discussed technique, No Tech Hacking is embedded within pentesting (mainly seen in physical pentests). As simple as the definitions seem, carrying it out is very complicated, because it requires individuals with a high level of social engineering skill. It is worth noting that these same techniques pose a huge risk and lead to many complications within organizations, many of which totally dismiss the adoption of a local security policy. A book that addresses all of the details and elements covered here is No Tech Hacking: A Guide to Social Engineering, Dumpster Diving, and Shoulder Surfing; I recommend reading it to anyone interested.