Hi. I’m ACE. These are my stories. After a couple unrelated careers, I’ve become a penetration tester. But more than a pentester, I’ve become a professional social engineer. A ‘liar for hire,’ as my family and friends joke. Yeah, I get paid to write, tell and act out lies.
It’s all in the name of improving some client’s security posture, but you know what? That’s not really why I do it. It’s adrenaline. Just like standing at the top of a cliff tied to a rappelling rig or poised on top of a 50-foot diving tower, fear feels good. It’s the conquering of that fear that provides a rush and a sense of accomplishment and that’s the real reason I do it.
I believe deceit is against human nature. Effective deceit takes self control and discipline. That’s the challenge for this job. Some guys will tell you they have a ‘moral’ issue with doing social engineering. I call bullshit. I think they just don’t want to admit that they can’t take the pressure. Lying can wear you out. It takes energy to maintain a lie. It takes energy to manage your own emotions so they don’t show through when you’re face-to-face with the security guard.
So, what follows are stories from the road, mostly about social engineering. Some successes, some failures, most always with some lesson learned. While some stories involve using advanced techniques and technologies, some just involve using the social skills obtained growing up a southern boy in rural Georgia.
As a friend and colleague told me once, “Ace, you look and act too stupid to be lying.” Gee, thanks.