Daniel is a Security Consultant, holds a bachelor's degree in Arts of Representation, and is an Actor and a Scenic Communicator, with more than 10 years of experience as an academic in acting classes at several universities. Since 2015, Daniel has led Fr1endly RATs, the Social Engineering unit at Dreamlab Technologies Chile.
He specializes in and develops techniques and methodologies for simulations of phishing attacks, vishing, pretexting, physical intrusions and Red Team.
Certifications / Competencies:
Advanced Practical Social Engineering, Orlando, FL, USA.
Physical Red Team Operations, Saint Paul, MN, USA.
OSINT Crash Course, The OSINTion, USA.
Usable Security, University of Maryland, USA.
Improvisation Summer School, Keith Johnstone Workshop Inc. Calgary, Canada.
Talk: Old Still Cool
Obtaining access and sensitive information from critical areas in three cases that merge classic Social Engineering formats under the concepts of Physical Spear Phishing and Vishing Web Scam. The physical-digital tools and techniques used to achieve the objectives will be explained.
Controls and filters advance according to market demands, and it is becoming increasingly difficult to perform generic phishing simulations of considerable scope without the messages being rejected by security systems, reaching the spam mailbox, or alerting security filters and preventing the integrated display of the malicious mail.
How can an antivirus be bypassed in a service under a black-box format? How can firewalls be bypassed so that systems can be accessed without being stopped? Is it necessary to go unnoticed?
As a unit, we have specialized over the last five years in the development of pretexting, persuasion techniques, and extremely particular and effective simulation scenarios.
This paper presents 3 cases that merge classic Social Engineering formats, united under concepts that we call Physical Spear Phishing and Vishing Web Scam. The physical-digital tools and techniques used to achieve the objectives will be explained.
One of the first difficulties we face in SE services is how little time we have compared with an organized criminal group. They manage to carry out effective attacks after periods of six to twelve months of research and testing. We only have 5 to 10 days for the entire project: information gathering, execution and reporting.
Trying to replicate the real-time flow of an entire attack is therefore unworkable, and trying to emulate it in such a narrow window only yields results that are not close to reality, generating a false sense of security among the collaborators involved in the simulation.
For this reason, we were obliged to look for processes and techniques that would place us in a realistic, high-reach scenario.