> I read your tutorial/essay on Social Engineering, thought it was pretty
> accurate and damn funny. I was curious - got any special advice on good
> approaches to engineering law firms, and/or other private companies
> that handle legal matters and information as opposed to a generic
> business or computer centre? I haven't got anything specific in mind,
> just curious what your thoughts might be on approaching that area of
> -j. firstname.lastname@example.org
i'd recommend the getting in by means of disguise (suit). Then ask the secretary something and take a peek at her computer. Look for what she types, look for post it notes. Try to get her to leave for a second so you can rifle through her stuff.
it depends what kind of building for a law firm. A garage entrance is good for letting you in. Just walk in and go up the garage elevator, bypassing security. Secretaries are not smart. That's why they are secretaries and not lawyers. Take advantage of that. Look clean shaven and respectable. It's an influence con game. Make them believe you are there for a reason and you're scott free. You can also tell them you're from some computer company so they give you run of the computer.
Another good thing is a very long term plan, but it works. If you know a bit of programming, alter your favorite office or internet program with vis C++. Put a bit of messed up code in it so it crashes. Go to kinkos or staples and make a nice little package for it for $5. It looks pro. Take it to the victim office and present it as a demo package. Make sure you put your phone # in there. Tell them to call in case anything goes wrong. Also tell them they get a full version for being beta testers. Make sure they take it and try it. they'll call you. go back in and fix the problem. this gives you full run of the computers. I know that this one is a longshot, but I've used it and to much success.
Security guards make only slightly more than McDonald's employees. At $6.50 they are not really willing to stop a bullet. They are hardly willing to stand. They are not smart, otherwise they'd be cops (which aren't too bright either). In other words, they are a push over.
You have the knowledge that you can manipulate security guards. That $6.50 matters to them more than anything and you know it. Let's say you need some access to their place. Call relatively late at night where there is the late shift guard. IT MUST BE A THURSDAY NIGHT. He should be the dumbest and the last thing he wants at four in the morning is to be bothered and deal with people. Give yourself a professional sounding name and speak gruffly and demandingly. This is part of the illusion. Tell him you're from accounting and you're working on tomorrow's payroll. You're computer went down and you need some access or else "There will be no paychecks tomorrow" or something like that. That's a nightmare to this guy. He will do anything he can to get his $200 bucks for his hard work. He will help you in any way possible. Walk him through his system and things like that. Ask him to tell you what's around. You control him. Be creative.
Getting into a computer is hard. So is getting into a corporate or large building. Walking past a security guard isn't great for keeping a low profile. Underground garages stay open almost all the time. This is a good thing for you. No one pays attention to someone walking into a garage beacuse they could hypothetically be getting their car. Makes sense. Garages also have elevators that go into buildings. Some have keys to prevent awful people from getting in. Be patient, someone will come down and just hop in. You can bypass the lobby through the elevator and go right to the place you want. If you're wearing a suit (which you should be), scam the janitor into letting you into a place. Look hurried and pat yourself for keys. Tell him you left them in your car and you just have to grab something really quickly. He's not smart. He's a janitor. If he was smart, he'd be in your place. Think on your feet if anything comes up.