0x0e.org | pentesting perspective

braindump on pentesting, QA, metasploit, constant learning

Google Voice (was Grand Central) is a pentester’s best friend

with one comment

Google Voice turns out to be really handy for phishing attacks. When you send out a phishing email, it’s useful to include a phone number, in case of any issues with the attachment, link or other payload.

Google voice gives you a (new, anonymous) number which you can route wherever you’d like (cell, office, etc). Additionally, you can configure your voicemail to quickly impersonate the local admin, or security officer.

The killer feature, however, is the voicemail recording and transcription. Never again do you have to wade through a voice-driven mail system. Now, it simply dumps into your inbox for easy inclusion into a report. Additionally, you can download, email and share (via unique URI) voice messages.

Good for demonstrating that you can’t trust links AND phone numbers.

Advertisements

Written by jcran

April 20, 2009 at 10:47 PM

One Response

Subscribe to comments with RSS.

  1. oh yeah. you can listen in as people leave voicemails & bust in as they’re about to hang up. very unnerving for them 🙂

    jcran

    April 20, 2009 at 10:55 PM


Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s

%d bloggers like this: