(1) Social engineering is a key component of several high profile intrusions that happen today. The best way to help an organization understand their ability to detect, mitigate, and/or contain this type of attack is to do it. https://www.google.com/#q=phishing&tbm=nws

(1a) Statements, such as "it requires social engineering" [it's not a valid vector] represent a dated understanding of hacker tactics and part of my work is to help folks with your view move their understanding forward. Usually the conversation is not a response to an adversarial comment like yours. Here are a few talks/papers that I recommend: http://blog.strategiccyber.com/2012/12/19/hacking-like-apt/

(2) Cobalt Strike builds on something called the Metasploit Framework. The Metasploit Framework is the largest open source collection of safe exploits. My product addresses gaps in this kit for executing attacks that mimic those high profile intrusions mentioned a moment ago. A successful operation requires more than an email with something bad attached. http://blog.strategiccyber.com/2013/01/14/tactics-to-hack-an...

(2a) Cobalt Strike's open source little sister is Armitage. A popular user interface and collaboration tool for the aforementioned "better and powerful and safer open source alternative to run exploits". I'm the developer of Armitage as well. http://www.fastandeasyhacking.com/