0x0e.org | pentesting perspective

braindump on pentesting, QA, metasploit, constant learning

Archive for April 2009

Google Voice (was Grand Central) is a pentester’s best friend

with one comment

Google Voice turns out to be really handy for phishing attacks. When you send out a phishing email, it’s useful to include a phone number, in case of any issues with the attachment, link or other payload.

Google voice gives you a (new, anonymous) number which you can route wherever you’d like (cell, office, etc). Additionally, you can configure your voicemail to quickly impersonate the local admin, or security officer.

The killer feature, however, is the voicemail recording and transcription. Never again do you have to wade through a voice-driven mail system. Now, it simply dumps into your inbox for easy inclusion into a report. Additionally, you can download, email and share (via unique URI) voice messages.

Good for demonstrating that you can’t trust links AND phone numbers.

Written by jcran

April 20, 2009 at 10:47 PM