Jump to content


Photo
- - - - -

Any bright ones out there?

PBX Phreak Social Engineering Headhunting

  • Please log in to reply
No replies to this topic

#1 gaudmaud

gaudmaud

    Will I break 10 posts?

  • Members
  • 2 posts
  • Gender:Male

Posted 25 February 2013 - 09:20 PM

Hello there,

 

 

I am a headhunter/recruiter that was recently exposed to this world. 

 

Name collecting is something we continually need to do in order to have a potential candidate pool to draw from. We do this via social engineering. Calling into companies, pretending to be someone else, and trying to obtain names of people who have relevant skills for positions we are working on. This is very time consuming and inefficient, but necessary. This is done basically via exchange scanning. We also map out departments as we go as well. Sometimes we encounter dial by name directories on PBX's which are useful for obtaining transfers/extensions if you know a name, but I haven't discovered any other way to exploit this. I personally target about 15 asset management companies who have offices in Tokyo, all of which use various PBX systems like Audix and Cisco.

 

Can anyone think of a way streamline the name collecting process? Is there a way to exploit a PBX for this information? Any ideas would be greatly appreciated. We currently have an entire office dedicated to this name collecting process. I would be happy to compensate anyone who can help to make this effort more efficient. In a perfect world, there would be a way to obtain entire company phone lists.







Also tagged with one or more of these keywords: PBX, Phreak, Social Engineering, Headhunting

BinRev is hosted by the great people at Lunarpages!