Richard De Vere
Who are you, and what do you do?
I am Richard De Vere (@rfdevere), I work as a social engineering consultant for my small company ‘The AntiSocial Engineer Ltd’. On a day to day basis I perform all kinds of SE related tasks such as Phishing assessments, Vishing calls, and a little bit of the traditional network/forensics on the side. I have previously worked for a beautiful UK based IT company but decided to recently start up one my own. It is a hard but rewarding first few months. If you have a secure place, be it a bank or a data center, I will probably get in there and I will probably steal data.
What hardware do you use?
I am pretty much an Apple fan boy and I will be the first to admit it. If I need hardware my first question is always “can I run this with Apple stuff?”. When you opt in to the whole overpriced experience it is a pleasure to use.
I have the 2TB WiFi time capsule which also has a hot-swappable HDD caddy attached as the center of this setup, I do most of my work on a 27″ i7 iMac and when I have big job on I will also rig up a
projector to project a second 100″ display using the AirPlay magic. Obligatory 2 Apple TV’s hooked up to a couple of plasma screens to really spread the desktops throughout the house.
I’m loving using the LeapMotion little tracking bar as well which I find more of a gimmick than an accurate input device but it has it’s place.
- Nexus 7 running NetHunter and with dongle supports for sly SE work.
- 6 Camera home security system rigged to a A.N.P.R system to capture logs off site. It captures a snapshot of the house every 3 seconds and ships that out to a hidden NAT HDD and also to a FTP server.
- Enough spy gadgets to suppress my childhood desires; Tracking bugs, Pineapples, Converted RaspPi’s, Cell phone bugs, LiPo Batteries, Aerials, SE DropBox’s etc.
- iPad Mini Retina, iPhone 5s, iPad 2, iPhone 4s
- Small 9″ netbook running Mint which really is a charm, It has loads of hacking tools on it and I try to get my daughter into it.
- BunnyCam, this isn’t hardware as such but I have a bunny in my cellar that has a live CCTV feed so we can check it’s OK… It keeps me motivated….
As far as shopping goes, Amazon is a killer place to get spy gadgets. I get Chinese tech cheap and modify it as well. Aliexpress really is a goldmine too for batteries and little bits. I have a small qualification in electronics which helps.
What does your testing network or lab look like?
When I test my gear it usually doesn’t need a segregated network as most of this is done with smaller isolated tools. I have the usual VMWare which I am a big fan of for the integrated nature of it.
The VM’s I am currently using on the iMac tend to be training labs from Cisco, MetaSploitable2, OpenVas, Kali, and if I realllllllly have too Windows 7.
What tools and software do you use for your trade?
I would be lost without the offering from TrustedSec – The Social Engineering Toolkit. It still amazes me what is possible using this simple little tool. I have found just taking your time and putting all your effort in to using it properly is a really worthwhile investment.
I tend to shy away to what I know and feel steady on which is Apple. The more you learn it the more you get closer/better integration with Linux systems. I still stumble around the Windows environment despite 5 years of this!
Kali Linux is another favorite. It is interesting to venture away from networking into stuff such as Software defined radio gadgets for SE work (Editors Note: Kali also has a “metapackage” for Software Defined Radio Tools). I love the fact you can leave a box smaller than a matchbox and it dials home sound.. I don’t think at 65 the novelty will go.
NetHunter is becoming a common tool for me, with it on the Nexus 7 and combined with an Alfa dongle it is capable of hacking WiFi in your pocket as well as launch BadUSB attacks back to a couple of servers I have. It really is a 5 second Pwn.
I love anything USB. I am a big fan of the TAILS amnesic Linux Distribution and also the work of pioneers that are trying to piece the file structure together after it’s use. It is hit and miss but I love the fact people out there can. It gets really deep and I would love to understand the sheer doctorate level computer sciences going on there.
We all use NMAP but the single biggest tip I could ever give anyone is this page: http://nmap.org/book/nse-usage.html It was the opening of a big door with NMAP for me and taught me so much. It should be accompanied with a list of all the NSE scripts after you have mastered the switches.
What is your dream setup?
I have been messing around with the Apple Mobile Device Management stuff lately and I would like to cover all my gadgets under one big MDM configuration policy. I would like a dedicated office and to be able to merge 2/3/4 projector screens into one big display. I would of course have to have some kind of way I can clap my hands and have it launch millions of Phishing emails. I am a little projector mad as it is also my hobby to project things on buildings.
I wish you all the best with the Blog and it seems like a really cool Idea. Years ago I was trying to research all this and it is quite hard for new talent to know what to get into. I hope it will bridge the gap a little.I like the book Social Engineering Penetration Testing: Executing Social Engineering Pen Tests, Assessments and Defense for a good introduction to SE.