aeondave/social-engineering-technique
offensive-techniques/social-engineering-technique/SKILL.md
Social engineering methodology for authorized red team engagements: pretext development, phishing campaign design, vishing, physical social engineering, target research, and security awareness metrics. Use when planning social engineering campaigns, designing pretexts, or assessing human-factor security controls during authorized engagements.
$ install --global
skillsauthnpx skillsauth add aeondave/malskill social-engineering-techniqueInstall this skill globally with one command. Works with Claude Code, Cursor, and Windsurf.
Security Scan Results
3 of 9 scanners reported clean
Some scanners were skipped, did not run, or reported a non-clean status. Review each row below.
3
Scanners Passed
9
Scanners in report
Clean
TrivyContainer and dependency vulnerability scanner
95%
Clean
SemgrepStatic code analysis for vulnerabilities
95%
Clean
mcp-scan (Snyk)Model Context Protocol security validation
95%
Skipped
Snyk (dep)Open source security scanning
50%
Skipped
Socket.devSupply chain security analysis
50%
Skipped
VirusTotalMulti-engine malware detection
50%
Skipped
CrowdStrikeAdvanced threat intelligence
50%
Skipped
OSV-ScannerOpen Source Vulnerability database check
50%
Skipped
OWASP Dep-Check
50%
Last scanned: May 9, 2026, 4:33 AM160.3s1 file scanned
SKILL.md
- name:
- social-engineering-technique
- description:
- Social engineering methodology for authorized red team engagements: pretext development, phishing campaign design, vishing, physical social engineering, target research, and security awareness metrics. Use when planning social engineering campaigns, designing pretexts, or assessing human-factor security controls during authorized engagements.
- license:
- MIT
- compatibility:
- Authorized social engineering engagements only; signed ROE required
- author:
- AeonDave
- version:
- 1.0
- category:
- offensive-techniques
- language:
- multi
Social Engineering Technique
Goal: assess organizational resilience to human-factor attacks through authorized, controlled social engineering campaigns.
When this technique applies
- Engagement authorizes phishing, vishing, or physical social engineering.
- Need to design pretexts or campaign narratives.
- Need to measure and report on human-factor security metrics.
Boundary
- Phishing infrastructure:
phishing-technique(GoPhish, Evilginx2, domain setup). - OSINT for target research:
osint-technique. - Payload delivery:
offensive-coding/shellcode-dev/,offensive-tools/exploits/metasploit/.
Authorization gate
Before any social engineering activity:
- Signed ROE explicitly authorizing social engineering.
- Confirmed target scope (which users, departments, locations).
- Authorized techniques (email phishing? vishing? physical?).
- Data handling policy for any information collected.
- Emergency contacts and abort procedures.
Initial triage
Before preparing a campaign, classify the human objective and the safest authorized channel for testing it.
- Starting state: is the assessment centered on phishing, vishing, physical access, pretext validation, or awareness metrics?
- First questions: what population is in scope, what behaviors are being tested, what realism level is allowed, and what evidence and safety controls are required?
- Immediate actions: confirm ROE, choose the scenario type, define pretext category and success criteria, then decide whether supporting infrastructure or OSINT depth is needed.
- Tool-family direction: use
osint-techniqueand passive research first for target context, move tophishing-techniqueonly when the scenario actually requires email or AitM infrastructure, and keep payload/delivery tools as a later support layer. - Escalation rule: prefer the narrowest scenario that measures the control you care about; avoid stacking multiple deception channels without justification.
Methodology
1. Target research
- LinkedIn: job titles, reporting structure, technology stack, group memberships.
- Corporate data: press releases, SEC filings, job postings, conference presentations.
- Technical footprint: email format, mail server vendor, email gateway.
2. Pretext development
Common trigger categories:
- Authority: impersonate IT, executive leadership, HR, legal, compliance.
- Urgency: password expiration, security alert, policy deadline, benefits enrollment.
- Curiosity: shared document, voicemail notification, package delivery, invoice.
- Fear: account suspension, policy violation notice, security incident.
- Reward: bonus notification, gift card, survey completion incentive.
3. Phishing campaigns
See phishing-technique for infrastructure setup. Key methodology decisions:
- Spear phishing vs. broad campaign (personalization vs. scale).
- Credential harvesting vs. malware delivery vs. MFA relay.
- Single-stage vs. multi-stage (pretext email → landing page → payload).
4. Vishing (voice phishing)
- Pretexts: IT support, vendor callback, survey, recruiter.
- Techniques: caller ID spoofing, warm transfer chains, callback numbers.
- Capture: voicemail PINs, VPN credentials, remote access codes.
5. Physical social engineering
- Pretexts: maintenance worker, delivery person, new employee, vendor.
- Techniques: tailgating, badge cloning, desk surfing, dumpster diving.
- Capture: badge numbers, access codes, document photos.
6. Campaign metrics
| Metric | Description | Industry baseline | |--------|-------------|-------------------| | Open rate | Recipients who opened | 30-50% | | Click rate | Recipients who clicked | 10-25% | | Credential submission | Recipients who entered creds | 5-15% | | Payload execution | Recipients who ran attachment | 3-10% | | Reporting rate | Reported to security | 5-15% (target >30%) | | Time to first click | Elapsed from send to first click | Typically <5 min |
Resources
references/pretext-library.md— categorized pretext templates for phishing, vishing, and physical scenarios.references/campaign-planning.md— campaign design worksheet and metrics tracking template.
Related Skills
aeondave/offensive-linux-role
data-ai
VerifiedTrustedCommunity
Scoped routing: Linux operator; hosts, sessions, users, services, packages, logs, containers, SSH, network paths, privilege evidence.
4SKILL.mdUpdated Jun 5, 2026
aeondave/ics-technique
development
VerifiedTrustedCommunity
Offensive methodology for ICS/OT/SCADA environments in authorized industrial penetration testing and red team operations. Use when assessing PLCs, RTUs, HMIs, engineering workstations, historians, or field devices running Modbus, DNP3, EtherNet/IP, S7comm/S7+, Profinet, IEC 60870-5-104, BACnet, or OPC-UA. Covers passive OT network enumeration, protocol-level device interrogation, PLC coil/register read-write attacks, HMI session exploitation, historian and engineering workstation compromise, and safe escalation rules for critical infrastructure scope. Does not cover: general IT network exploitation (network-technique), physical hardware interfaces UART/JTAG/SPI (hardware-technique), wireless sensor network attacks (wireless-technique), RF/SDR signal analysis (hardware-ctf or wireless-technique), or CTF-framed ICS lab tasks (ics-ctf).
4SKILL.mdUpdated Jun 2, 2026
aeondave/game-technique
tools
VerifiedTrustedCommunity
Offensive methodology for authorized game security assessments, game client security research, and game-adjacent penetration testing in real-world engagements. Use when assessing game clients for cheating vulnerabilities, testing anti-cheat effectiveness, auditing game server protocols for score manipulation or economic fraud, reverse engineering game DRM or license validation, analyzing game save file protection, or assessing game mod/plugin security. Covers: process memory scanning and manipulation (Cheat Engine methodology), game binary reversing for license and DRM bypass, game network protocol analysis and packet replay, anti-cheat mechanism analysis, save file format reversing and tampering, speed hack and value injection techniques. Does NOT cover: CTF game challenges (game-ctf), game engine source code auditing (web-exploit-technique or vuln-search-technique for the backend), or general binary exploitation (pwn-ctf or reversing-technique).
4SKILL.mdUpdated Jun 2, 2026
aeondave/hardware-technique
development
VerifiedTrustedCommunity
Auth assessment: hardware/embedded methodology; UART/JTAG/SWD/SPI/I2C, firmware extraction, boot/debug paths, embedded OS evidence.
4SKILL.mdUpdated Jun 2, 2026