Laptops with Stickers

(stickertop.art)
601 points by z303 | 2 comments
WaitWaitWha No.45894775
Some pen test teams use laptop stickers as an excellent resource for proper social engineering.

Some cyber companies explicitly prohibit stickers on company laptops.

replies(1): >>45897117
0xDEAFBEAD No.45897117
> Some pen test teams use laptop stickers as an excellent resource for proper social engineering.

How?

replies(3): >>45897483 >>45897927 >>45899031
omeletdufromage No.45897483
Not the OP, but I have heard something similar from a sec conf before. Gist being if a laptop has stickers like this, then the chances of the owner being an engineer is significantly higher, so pentest teams / malicious actors can better focus their efforts on those individuals, and have a higher chance of gaining access to internal systems than if they targeted random folks in public.

It doesn't help, either, that arguably the kind of stickers a laptop displays tends to hint at who's a sysadmin or not, etc.

replies(1): >>45897735
FinnKuhn No.45897735
That sounds like info you would already have by taking a look at LinkedIn, or am I missing something?

replies(2): >>45897861 >>45898986
benchly No.45898986
You're missing something, but that's sorta the point. The idea of what a full-stack developer or back-end engineer or hacker (or whatever term we want to bandy about) looks like is largely based on stereotyping and a bit of myth. You can't tell what someone does for a living just by looking at them all of the time, but you can some of the time, so it's easy to play on that by dressing the part because we humans can be easily tricked into trusting our own information by default. If you cosplay as a network engineer, it's pretty likely that's what most people will think you do.

Say you're red teaming, and you are on-site looking to gain access to the server closet of a business. Some initial setup about you being there comes into play, but once there, it's up to you to look like you belong there, when some unwitting person with access to the server closet will lead you to it, then leave you to do your thing on the pleasant notion that you'll have the "problem" fixed by the end of the day. This is an ultra-simple scenario used as an example, but looking the part sometimes means having some stickers on your laptop that tell people you're really into a specific language or tool chain, or that you've been in the SOC trenches long enough to know what a lot of those inside jokes mean. Details often sell the lie.

replies(1): >>45904406
Kye No.45904406
The classic clipboard and high-vis hack.