Both social engineering and technical attacks played a big part in what I was able to do. It was a hybrid. I used social engineering when it was appropriate, and exploited technical vulnerabilities when it was appropriate.

The Americans are the most gullible, because they don't like to deny co-workers' requests.

Security is always going to be a cat and mouse game because there'll be people out there that are hunting for the zero day award, you have people that don't have configuration management, don't have vulnerability management, don't have patch management.

There is no patch for stupidity.

All they need to do is to set up some website somewhere selling some bogus product at twenty percent of the normal market prices and people are going to be tricked into providing their credit card numbers.

I trust online banking. You know why? Because if somebody hacks into my account and defrauds my credit card company, or my online bank account, guess who takes the loss? The bank, not me.

Of course I'm sure half the people there hate me and half the people like me