[vasco]

In the book he spends a lot of time on the social engineering parts of it to be honest. It's been a few years but I remember him mostly bragging about that rather than developing custom exploits.

[tptacek]

He also comes from an era of intrusions where systems were so bad you didn't really need to code to get into them. For an alarmingly long time, the most effective tool you could use to pop a network was simply `showmount`.

[ASalazarMX]

That time is still today, as people are still the weakest link. A talented scammer can convince people to give them access to their WhatsApp account despite the E2EE, 2FA, and SMS verification codes.

In Mitnik's version, he RTFMs, learned the technical lingo, procedures, and even the names of telco employees.

[devmor]

100%

The majority of corporate breaches are a combination of poor Least Privilege practices and phishing/smishing.

Even with well secured, alert personnel, you often see ISPs and Telcos socially engineered to gain access to an employee account.

[d1sxeyes]

Yeah I think Mitnik’s abilities were mostly around thinking about doing stuff that no-one had considered that you could do. It’s still a big skill, but nowadays, there’s less stuff that no-one has thought about before.