Tuesday, April 22, 2014

Social Engineering final - NO ONE IS SAFE

I thought over and over again about which target I was going to pick and how I was going to do it. I selected my old employer, which is a major government agency, so I won't post the name. Being a prior employee is not a real advantage, as I never worked in HR or set foot in that aspect of the job. I had no real knowledge of its inner workings and thought that since it was a high-profile target it would override that anyway. I selected this target because I don't like them, and I knew they had clowns working for them. Consequence level high, though.

I started by calling their HR number, and when someone answered I said, "I spoke with someone the other day about a pending application I have with you guys." (I mentioned an open job I found on their website and used terminology specific to that job that they are probably used to hearing. I wanted to sound like I belonged and that it was like every other call.) I stated that I didn't remember the name of who I spoke with, but that it was a male and they told me to call back. They asked me, "Was it M***?" I said nope; one name down. They asked, "Was it J***?" Nope; another name in the books. I said that I think he was a manager. The lady on the phone said, "I'm the manager." I said, "Hmm, well, do you guys have shift work? Maybe he is on at a different time." She said nope, all employees work between the hours of 7 and 4 PM, and the office closes no later than 4:30. I said, "Well, is there any other male working that it could have been?" She said, "F****, but he is outside smoking." I didn't ask where he was, but thanks for the info. Now I know one of them smokes, if I wanted to blend in at the smoking station and engineer him that way (such as after a few times of them seeing me, go inside: "Oops, I forgot my badge at my desk"). They gave me a blueprint of attack. I said, "Well, can you look if you have it? I sent it via fax the other day." Then she said she didn't have it. I asked her if I could fax it again, and for her name and her extension.

She gave me all of the above. I didn't try to pry into any operating systems or technical info, but I could have grabbed a suit and gone to the office asking to personally check in on my application and shoulder surfed equipment and operating systems.

I hit this one out of the park IMO. It was way too easy and this lady didn't have a clue.

P to the Z to the B
