SE - The Complete Guide PDF

Thomas Kønig:

Social Engineering
The Complete Guide
Q. Wait! What is Social Engineering?
A. Good question! Social Engineering is the art commonly referred to as ”Human Hacking”.
It consists of controlling, manipulating, confusing, and in other ways exploiting the human mind
and emotions to achieve any kind of goal. There's no way to exactly define what ”Social
Engineering” consists of. SEing is one of the first things we learn in life, however we never really
understand how to control it. For example, when you were a child; if your mum wouldn't let
you have candy, would you cry? Would you argue with her, maybe drop onto the floor and start
battering it, as if you were a junkie on heavy crack? And why?

Simple – Because you figured it out. If you cried for long enough, eventually your mum would
give in, and hand you the candy. Your dad wouldn't give a flying f**k about the crying, but you
knew that begging him for the candy would do the trick. And therefore, so you did.

Social engineering is just like that. Except, back then it was probably more subconscious. Your
brain had done some hard tests, and if it worked, it stuck with it. Now, to understand SE, you
must understand what you did back then.

Q. And you will teach me that?


A. That, and much more. In this eBook, I'll be rounding up a lot of niche little tricks, a lot of
information on self-improvement, insight in the daily life of a social engineer, some of my
personal techniques, and a lot of information and references to other fantastic guides.
One guide can't teach you social engineering – I can help you understand it, and get started, but
to learn social engineering, you'll have to challenge yourself, and go out there, where daylight
shines so bright, and start testing your skills.

Throughout the eBook, I might use some terms that I have not mentioned earlier in the book. These
will be explained shortly after. Also, the book was written as a Q&A, so if you have a specific question,
make sure you skim through the text. It might be mentioned somewhere in there.
Q. So, I'm all set! Tell me how this works.
A. Ah, I'm glad to see you're so eager to get started. There are some terms you should be
familiar with before we start – I'm not going to use them all, but you should know them before
you continue. They are below.

Pretexting is defined as the act of creating an invented scenario to persuade a targeted victim
to release information or perform some action. It is more than just creating a lie, in some cases it
can be creating a whole new identity and then using that identity to manipulate the receipt of
information. Pretexting can also be used to impersonate people in certain jobs and roles that
they never themselves have done. Pretexting is also not a one-size fits all solution. A social
engineer will have to develop many different pretexts over their career. All of them will have one
thing in common: research. Good information-gathering techniques can make or break a good
pretext. Being able to mimic the perfect tech support rep is useless if your target does not use
outside support.

Pretexting is also used in other areas of life other than social engineering. Sales, public speaking,
so-called fortune tellers, NLP experts and even doctors, lawyers, therapists and the like all have
to use a form of pretexting. They all have to create a scenario where a person is comfortable with
releasing information they normally would not. [1]

Facial Action Coding System (FACS) is a project to code emotions to facial microexpressions.
Developed by Paul Ekman and Wallace Friesen in the mid-1970s, FACS has produced a list of
emotions and facial muscles involved. Interestingly, animators have found this list to be useful in
making their characters more life like.
FACS Manual
Joseph C. Hager, one of the founders with Ekman has a popular “manual” and course that
teaches students how to recognize and understand microexpressions. Learning to see faster and
understanding of human facial physiology are an important part of facial microexpressions.

A complete list of emotions and muscles is kindly provided by Joseph C. Hager on his web site:
• http://face-and-emotion.com/dataface/facs/manual/TOC.html [2]

Great, got that?

Q. I got it. But tell me, when does the fun start?
A. Stay patient, my friend. We still have a few things to get down before getting started.

Q. Okay, tell me what I've got to do.


A. Sure, let's head to the next page, shall we?
Great, time for preparation!
I can't go much into detail here. This depends a lot on who you're looking to SE, what
kind of SEing you're looking to do, who/what you need to be to accomplish this, and much much
more. I will however, go through the basics of preparing for any SE, and allow your creativity to
do the rest.

Step 1.
Identify your target. Note down anything specific about him – Where does he eat? How does he
dress? How does he speak (if you can get close enough)? Who does he meet, where does he
work, at what time does he leave for work, blah blah.. Basically, be a stalker. I usually consider this
the most entertaining part of SEing, as I get to feel like Spider-Man. As a practitioner of Parkour, I
usually prefer elevated locations, from which I'm able to gain a perfect sense of overview. If you
are to use elevated locations, I recommend learning some basic Parkour, so that you're able to
swiftly relocate, in case your target moves out of sight.

If you can't be bothered with learning more than what is most necessary, I recommend keeping
a distance, blending with crowds, or disguising. Another, really really cool trick is the newspaper
trick. You've seen it everywhere, as it's really easy, and really beneficial. Sit down on a bench, with
the daily newspaper. Everyone passing you will see you regularly reading. What they do not
know, is that there are two holes through almost all the pages, except for the two outer pages.
When your target looks away, simply flip one of the outer pages over, to reveal a perfect pair of
holes to your eyes. If he turns, simply flip the outer page back, as if you were reading the inside
of it. Use your creativity here!

Step 2.
Prepare for contact. Use a couple days to plan out where it'd be most casual for you to meet the
target. Does he take any specifically crowded road to work, where bumping into them, or
meeting them randomly wouldn't seem too strange? Does he browse some kind of chatting
network? Maybe he's on Facebook? Plan out where you'll meet the target, how you will engage
conversation, and how you'll advance the conversation to the point where you receive the
information you're after. It's really important that you pick everything out perfectly. If you're
meeting a businessman/businesswoman, get a suit. If you're meeting a junkie, or a drug dealer,
baggy clothes are most recommended. You've received the guide ”Social Engineering – Looks
DO matter!” with this eBook for free. It's in the .zip folder. Open it, and read it if you want to know
more about dressing up, and how looks affect the result.

Step 3.
First contact. This is where it varies a lot – If you're looking to get a free item (a method I will
NOT be explaining here), then you'll only want to meet your target once, and should then
consider this the one and only meeting. Also, please note, that if you want something from a
company, it is the company that is your target, not any specific employee. You want to know how
their customer service works, and so on, and so on. Back on topic.. Let's assume you're looking
for a long-term reward, or a lot of personal information. This will usually require you to meet your
target more than once. It's therefore important that this meeting is casual, common, and doesn't
vary too much from their usual meetings.
Here are three nice ways to stage a common conversation:

1.
Not a personal favourite of mine, as it usually only works with the opposite gender.
Bump into them by mistake, apologize to them a lot of times, seem upset. Offer
them a coffee or some breakfast as consolation. Or maybe show interest in what
they do, ask them if you may escort them to their destination, and keep the
conversation flowing. Try convincing them you're going the same way, so it doesn't
seem weird.

2.
This one's really easy, and it only requires a little polite eavesdropping. Find your
target while they're having a conversation outside, or somewhere you're able to
access. Now, listen to the conversation for a little while, try to find out what it's all
about, and interrupt them with, ”Excuse me, but I couldn't help to overhear the
conversation..”. Now, if it's an argument, make sure you ALWAYS join sides with your
target, as this is a shortcut to gaining trust. People need no more than a little
conversation to feel safe and liked.

3.
This one is possibly my favourite – This is easier than suiciding with an unpinned
grenade in your hand. People feel obliged to talk to someone who talks to them.
This requires a little nerve, but it's so God damn easy, you really can't f**k it up.
Just walk over to your target, while they're reading, listening to music, watching a
video, whatever.. And say, ”Oh, nice pick! I love that song/video/book”. Crack a little
joke to turn the topic around and avoid talking about the item, and boom, instant
conversation.

Did you pick your choice? Great! Now it's time for us to engage conversation. Just walk over
there, fire a few quick lines, and poof – You'll see a reaction. This is where FACS comes in handy.
Read their expressions, their microexpressions, their eye cues.. Read it, understand it, and act
accordingly.

Q. WAIT! Eye cues, what's that?


A. Eye cues indicate which part of the brain and the conscious memory/imagination is being
used. These can reveal a lot of information about people, and in turn, can even tell you if they're
lying to you (paired with NACS, this makes a great team). We need to learn two types. One is
commonly referred to as Sanpaku – It reveals a lot about a person's mood, behavioural changes
and their mental limit. The other one is, in fact, eye cues. Both are eye cues actually, so I'll call it
Sanpaku & EM, instead of Sanpaku & Eye Cues. Let's pretend the EM stands for Eye Map.

I could spend a good hour explaining how Sanpaku and EMs work, but really I think it'd be
easier if I explained an image to you. This image is from Social-Engineer.org [2], which is a free
framework for social engineering. While there are no direct tutorials, or any kind of
assistance in terms of learning, it does provide you with the same kind of information as
Wikipedia, only this is about SE.
Understanding Sanpaku – Below is a list of different kinds of visual Sanpaku:
Understanding Eye Maps – While Sanpaku isn't too complicated, Eye Maps require a little
more explanation to fully understand. Luckily, I'll cover that in this chapter. [3]

Okay, so we've got a happy dude, and a lot of random stuff. Now, WHAT is that?
It's quite simple – They're abbreviations, if you didn't figure that out yet. Let's see..
Definitions | V                    | A                    | F/K
c           | Visually constructed | Auditory constructed | Kinesthetic constructed
r           | Visually remembered  | Visually remembered  | Kinesthetic remembered
i           | -                    | -                    | -

*Lower-case i means ”Digital”, but we'll leave that out as it serves no purpose at the moment.
**You'll notice that the kinesthetic center only covers one part, so Kc and Kr belong in the same spot.

Okay, so we know what they mean now. Let's try focusing on how we can use them and
implement them when SEing someone. An easier term for ”constructed” would be ”made up”.
So, if I were to ask you a question, and you'd want to lie to me, your eyes would (in most cases)
be focusing towards a constructed area. Now, let's assume I asked you what you watched last
night, you'd focus on Vc. However, if I asked you what you heard someone else say, you'd focus
on Ac. Kinesthetic means feeling by the way. Something you've felt. I guess I won't have to
outline the rest. If you want to read more about eye cues, I recommend going to the Social-
Engineer.org framework.

DO NOT CONSIDER EYE CUES AS FINAL! THEY'RE STILL CONTROVERSIAL, AND
HAVE NOT BEEN PROVEN, HOWEVER THEY ARE PRACTICED A LOT!
Q. Okay, I got it – Preparation, contact, microexpressions, eyecues, stalking, sneaking. Am I
done now?
A. Oh, no. You're never done learning Social Engineering. However, we're getting closer to the
end of this eBook. Yet, we're still so far away. Let's start working on exploiting our target now.
There are several ways in which we can exploit our target. A lot of these will come in handy, and
none work on their own. There are a lot of things you should know when reading people. I've
taught you microexpressions and eye cues. How about breathing patterns? The faster your
breath, the faster your heartrate. Either you're in love, excited, exhausted or nervous. Fantastic,
but we still can't tell.

Time to look at your microexpressions, your behaviour, and your biologic change. Do your eyes
light up? Do you smile a lot, play around with your looks, keep eye contact for as long as
possible. If that's the case, you're in love. But you don't. So, do you eagerly tap your fingers
against your lap, look around, turn your head over and over, trip back and forth? Then you're
excited. But you don't.
Huh, now that's weird. You don't look exhausted either – You aren't sweaty, your pulse isn't
visible through the skin on your neck, your breath isn't deep, or heavy. But wait, what's that?
You're tapping your fingers against your lap, you can't decide how to stand, you're not exactly
smiling, or you're smiling excessively, you're stuttering a bit, swallowing a lot of spit.. Of course!
You're nervous. Let me try asking you a personal question. Your eyes hop around a bit, before
fixating on the Vc center of your brain. You lay off with an ”Uhm..” - I can see the white part
showing beneath both irises. Yep, you're nervous, and you're a liar.

So, using eye cues, microexpressions, common biology and reading your behaviour, I was able
to successfully isolate one solution from the former 4 options we were granted. Now, I
understand that this wasn't much of a deal, as most of them would give themselves away, but
when you get used to reading people all the time, you're able to expand this.

Great, so now we can read people. Now we need to get some feedback. Try changing your tone
of voice, or your behaviour. Generally, change yourself to read their change. What they don't
know, is that you're acting. Does the person seem arrogant when you're talking politely? Try
tuning it to an aggressive level. Are they nervous now? No? How about if I take a deep breath,
and walk closer to them, intimidate them. Okay, he's not nervous, he's scared. So, physical
intimidation scares him – Using logical deduction, most likely any kind of physical action would
work equally strong on him in some other way, compared to verbal actions, since shouting at
him didn't work. Fantastic.

Now we need to ask ourselves – What do I want to achieve? Do I want him to be nervous, so I
can interrogate him? Does he have to trust me, and like me, so I can get the information without
him knowing it? Or do I want him to think I'm a professional at his profession, so I can get
clearance to somewhere? Or maybe I have to be someone else, to get clearance? How do
those people act? Let me find one.

– It's all about feedback. If you want to be a UPS delivery man, find out how they work. If
you want to be a banker, find out how they work. Every profession has some kind of
social etiquette, and that's the one we're trying to penetrate and understand without
being part of the social collective.
Now that we have our information, it's time for us to look at the abuse – Now we're going to get
what we want. Use the above questions now. Here's a little assignment (This works best with a
friend being there too).

If you're one person: Jimmy Marcs works as security in a shopping mall. He's a 37 year old male,
he's got a wife and three children in mid-school. He's up to date with technology, and owns all the
new items. You heard he won the lottery once – Must be a rich bastard, that Jimmy. Seeing as he is a
security guard, he's pretty used to liars, and is quite experienced at it himself. You decide to set out,
befriend him, and get his personal card information – Write down how you will do it, and try to make
as many scenarios as possible (what if he lies? What if he doesn't like me? Etc.)

If you're two people: Do the above assignment individually first, then discuss your solutions.
Select the 4 best scenarios from your ideas, and try turning it into a roleplay where you take turns at
being the SE'er and Jimmy. If you want the best outcome, I recommend letting the idea's author play
the Social Engineer, as they know how they planned it out. Another alternative is to skip directly to
the roleplay without any scenario laid out, and try SEing Jimmy without preparation.

Great – you've probably come up with some brilliant ideas. I really can't help you much here, as
it's all about being creative. I did however supply my tutorial ”SE – The Cynical Engineer” in this
.zip folder, in which I explain abusing a dying relationship – One of my favourite exploits.

From here on out, the rest is entirely up to you.

That's it for SEing a single person.


Continue to learn about SEing groups.

Source list:
[1] Wikipedia.com
[2] Social-Engineer.org
[3] WetWareMarketing.com
Chapter 2:
Social engineering a group
Q. Okay, tell me something – How does SEing a group differ from SEing an individual?
A. Well, truth is – It doesn't differ much. The next chapter will be relatively short, as I'll only briefly
explain the differences, and the ideas that are not shared commonly between all three
categories (individual, group, online). Let's get straight to it.

When using Social Engineering you've got both pros and cons. This chapter will contain a list
with explained points, on the subjects that differ greatly from individual SEing.

1. (Pro) You've got more targets to analyze, and you can analyze the group as one individual
How? Simple – When people are joined by a group of people who are just like them, or
share common interests, etc, they bond. And bonding is in your favour, contrary to
common belief. These people will start to whisper if they suspect anything wrong going
on, clearly signalling to you that it's time to back out and try a different approach in a
hurry. Similarly, they'll back each other up if they believe you are in fact who you're
trying to be. Also, you only need approval from one person to become part of the group,
in most cases – As soon as one guy, usually the ”alpha wolf” accepts you, everyone else
will tag along. So in a group of eight, the chance of being trusted is eight times the
chance of the individual, however conversely it's also eight times the risk of being flagged
as a con artist, or a straight-up liar.

Now, let's consider the group like a whole, instead of a collective of people. What does
this give us? Well, we can analyze how the whole group reacts – Does it question my
approach if I try talking to the whole group at once? What if I look at one core, being an
individual person – How does the group react now? Is the group supporting the ”head” of
itself, or is it democratic? This gives me a whole lot of new approaches to try, and
therefore allows me more time to figure out how exactly to approach these people.

2. (Pro) Peer pressure.


You wouldn't think so, but this is actually your number one friend when SEing groups.
Think about it – All it takes is for a couple of guys to trust you. If you convince the loudest
guys, the rest will follow in fear of being left behind. Since this is my own method, there's
no term for this. So I'll invent one right now – Cell Suppression (CS).
Let's assume we've figured the three main figures of the group (EVERY group will contain
main figures) and need to convince everyone that we're here for genuine reasons. How
do we do this? Simple – CS. If we can Cell Suppress just 2 of the three (over half) main
figures by targeting them individually instead of the whole group, we're able to convert
everyone else without doing anything at all. As soon as the two main figures believe us,
they'll start helping us convince their friends in accomplishing what we want to
accomplish – Now this is one of the small diamonds held in the depths of Social
Engineering.

3. (Pro) Domination.
This one's really tricky, and I won't go in-depth with it in this eBook. But if you can ”speak
louder” than the dominating cells of the group, you're actually able to gain leadership of
the group in as little as a few hours – Practice this on your own, try bumping into a group
you're not usually associated with, and make them follow you somewhere, keep giving
out subliminal orders through suggestive thinking (There are loads of eBooks on
suggestive thinking out there. I'm nowhere good enough at it to create one)
4. (Con) More minds to make up.
Now we're at the cons – The true downsides. Your number one downside is that it, just
like in Cell Suppression, takes only over 50% of the main figures not believing you, for them
to convince the rest of the group to follow them. This means you need to quickly counter
any suspicion questions they might have. This can be countered by Cell Suppression, but
if you allow too much of a timespan between questions arising and your CS, you'll end up
in some serious trouble. If someone's convinced already, changing it would be like
making someone convert to another religion.

5. (Con) More knowledge.


Okay, let's assume you were trying to SE an individual about.. IT. You're doing just
perfect, telling him some gibberish about this and that. Everything's alright, you sound
professional, and he's willing to blindly throw his dollars in your face. And poof, around
comes one of his friends, and he quickly waves him over. Turns out, his friend is an IT
genius, and as your target starts blabbering about this new investment, Techy starts
asking you questions. Questions you can't answer, because your statements were
nothing but verbal diarrhea. Case closed. There's absolutely NO way to counter this
without being perfectly genuine all the way through. You can always try to prepare for
some of the questions before starting your SE, but there's no way for you to outline and
answer every question they might ask. Cross your fingers, pick some obscure subject that
few people know a lot about (IT is NOT one of them, maybe pick SEO), and hope for the
best.

Okay, with that covered, let's wrap up this chapter with a few hints and a few tips on how
to behave when SEing groups.

• Always seem dominant – As if you know much more than they do on ANY given subject.
• Try to share their interests – This will answer their ”what's he doing here?” questions.
• NEVER ask to be part of the group, or somehow imply you're not part already.
• You're part of the group. Always have been, always will be. Don't forget that.
• Don't mention you're part of the group either! Just act as if it's totally normal.
• Always try to locate the main figures. Usually they talk much more than the others.

Okay, that wraps up chapter two.


I told you this was going to be short.
There's simply no way to elaborate it more.

Next Release:

Social Engineering: Let's Go Online!
