Towards Automating Social Engineering Using Social Networking Sites (Preprint)

Posted: July 6th, 2009 | Author: | Filed under: ASE, PASSAT-09, research, security | Tags: , , , , , , , , , , , , , , , , , , | No Comments »

I made the preprint version of my publication on “Towards Automating Social Engineering Using Social Networking Sites” available online. You can fetch the pdf from here: As I said before I will present this work at this year’s PASSAT in Vancouver.

Abstract—A growing number of people use social networking sites to foster social relationships among each other. While the advantages of the provided services are obvious, drawbacks on a users’ privacy and arising implications are often neglected. In this paper we introduce a novel attack called automated social engineering which illustrates how social networking sites can be used for social engineering. Our approach takes classical social engineering one step further by automating tasks which formerly were very time-intensive. In order to evaluate our proposed attack cycle and our prototypical implementation (ASE bot), we conducted two experiments. Within the first experiment we examine the information gathering capabilities of our bot. The second evaluation of our prototype performs a Turing test. The promising results of the evaluation highlight the possibility to efficiently and effectively perform social engineering attacks by applying automated social engineering bots.

Automated Social Engineering Bot – PASSAT 2009

Posted: June 13th, 2009 | Author: | Filed under: ASE, random, security | Tags: , , , , , , , , , , , , , , , , , , | No Comments »

I got a paper on my Automated Social Engineering Bot accepted at the PASSAT 2009 conference. I’ll post the camery-ready version soon. 🙂

Paper accepted

Posted: April 20th, 2009 | Author: | Filed under: random, security | Tags: , , , , , , , , , , , , | No Comments »

We just got a paper accepted at the WISE09. It’s on virtualization of security lab exercises based on OSS. I planning to post the paper here, once I have the print-ready version.