3 Hacking Skills EVERYONE has // FREE Security+ // EP 1
Based on NetworkChuck's video on YouTube. If you like this content, support the original creators by watching, liking and subscribing to their content.
Briefing
Social engineering attacks often start with skills “everyone already has,” and the most effective defenses begin by treating everyday behavior—what gets posted, what gets thrown away, and what can be overheard—as part of an organization’s security perimeter. The core message is blunt: attackers don’t need to break into computers first. They can gather enough information about a person or company to set up later phishing, malware delivery, or impersonation, using publicly available data and human observation.
The first skill is reconnaissance (recon): collecting information about a target before any direct attack. Recon can be as simple as “snooping” through public social media profiles—Facebook, LinkedIn, and Twitter—where people voluntarily share details about their identity, beliefs, friends, workplaces, and even technologies they use. That information can be weaponized. Knowing someone likes a specific topic can help craft convincing emails that lead to malicious downloads. Details about friends can enable impersonation, letting an attacker message a target as if they were a trusted contact. For companies, recon can reveal the tools and infrastructure a business uses—such as Cisco-related technologies—giving attackers clues about potential weaknesses and how defenses are structured.
This recon phase also scales through open-source intelligence (OSINT), which relies on information already available on the internet. The transcript highlights tools and methods that automate discovery: OSINT frameworks that search for usernames across platforms; advanced Twitter search tools like Twint to pull lists of tweets by username, time window, or even location; and services like Hunter.io that can generate lists of real email addresses tied to a company’s domain. Even “Google hacking” (Google dorking) is presented as a way to find public information that may not have been intended for broad exposure.
The second skill is dumpster diving—digging through trash or discarded materials to recover sensitive data. While the transcript notes that this is not illegal in many places because trash is public domain, the risk is real: mail can contain names, addresses, and pre-approval details that help attackers tailor scams; companies may discard documents with passwords, email lists, purchase orders, or other “harmless” paperwork that becomes valuable in the wrong hands. The practical defense is straightforward: shred documents, and for computers and hard drives, use proper third-party disposal that wipes data.
The third skill is shoulder surfing, the act of watching someone enter passwords, view screens, or read messages. It’s not limited to someone standing behind a keyboard. It can happen in public spaces like coffee shops, on phones in line, or at ATMs where passcodes and card details are visible. The transcript also expands the concept to eavesdropping—listening to conversations in public places where technical buzzwords and workplace details can reveal what teams are doing, what systems they use, and when employees will be available.
Across all three skills, the defense is education and discipline: assume online information is discoverable even when privacy settings are enabled; train employees not to overshare company details; control what gets discarded; and reduce opportunities for observation by limiting screen and passcode exposure. The takeaway is that social engineering is psychological and accessible—hard to stop because it depends on people, not just technology—and it sets the stage for more damaging attacks afterward.
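One way to make the "don't overshare" habit concrete is a check that runs over outgoing text (a social post, an auto-reply, a job ad) before it is published and flags the kinds of detail the briefing says recon collects. This is an added example, not something shown in the video; the domain example.com, the term list, the rule names and the sample drafts are all constructed assumptions.

```python
import re
from collections import defaultdict

# Assumed values for illustration only (not from the video).
COMPANY_DOMAIN = "example.com"
# Technology words worth flagging; the briefing itself only names Cisco.
TECH_TERMS = ["cisco", "vpn", "firewall", "active directory"]

RULES = {
    # Work addresses feed domain-based email harvesting.
    "work_email": re.compile(r"\b[\w.+-]+@" + re.escape(COMPANY_DOMAIN) + r"\b", re.I),
    # Named tools and infrastructure reveal how defenses are structured.
    "tech_stack": re.compile(r"\b(" + "|".join(map(re.escape, TECH_TERMS)) + r")\b", re.I),
    # Availability statements tell an observer when someone is away.
    "availability": re.compile(r"\b(out of (the )?office|on vacation|on leave|away until)\b", re.I),
    # Written-down secrets, the kind that end up on discarded paper.
    "credential_hint": re.compile(r"\b(password|passcode|pin)\b\s*(is|:|=)", re.I),
}

def audit(text):
    """Return {category: [matched strings]} for one piece of outgoing text."""
    findings = defaultdict(list)
    for category, pattern in RULES.items():
        for m in pattern.finditer(text):
            findings[category].append(m.group(0))
    return dict(findings)

def review(drafts):
    """Audit every draft and return (name, findings), most categories hit first."""
    results = [(name, audit(text)) for name, text in drafts.items()]
    return sorted(results, key=lambda r: len(r[1]), reverse=True)

# Constructed sample drafts.
DRAFTS = {
    "lunch": "Great team lunch today!",
    "auto_reply": "I am out of office until Friday; Sam is covering the helpdesk.",
    "new_job_post": "Excited to start as network admin! We are migrating our "
                    "Cisco firewall next week, reach me at jdoe@example.com.",
}

if __name__ == "__main__":
    for name, findings in review(DRAFTS):
        print(name, findings or "nothing flagged")
```

A hit is a prompt for a human to reconsider the wording, not proof of a leak; the rules only cover the categories listed in the comments.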
Cornell Notes
The transcript argues that social engineering attacks often begin with three non-technical skills: recon, dumpster diving, and shoulder surfing. Recon uses open-source intelligence (OSINT) to collect personal and company details from public sources like Facebook, LinkedIn, and Twitter, then repurposes that data for phishing, malware delivery, or impersonation. Dumpster diving targets sensitive information left in trash, including mail and discarded documents, while shoulder surfing captures passwords, screens, and even workplace conversations in public settings. Because these tactics rely on human behavior and observation, the most practical defenses are behavioral: limit what’s posted, shred and properly dispose of sensitive materials, and prevent others from seeing screens and passcodes. The stakes are high because these early steps can enable later, more damaging attacks.
How does reconnaissance (recon) turn everyday online information into an attack advantage?
What is OSINT, and why do tools like OSINT frameworks, Twint, and Hunter.io matter?
Why is dumpster diving risky even when the information seems ordinary?
What counts as shoulder surfing beyond someone watching a password at a desk?
What practical habits does the transcript recommend to reduce exposure to these tactics?
Review Questions
- Which specific types of personal or company details gathered during recon are most likely to support phishing or impersonation?
- How do dumpster diving and shoulder surfing differ in the kind of information they harvest, and what defenses address each?
- What role do OSINT tools play in scaling social engineering, and what does that imply for personal privacy settings?
Key Points
1. Recon often starts with publicly available information from social media and search, then gets repurposed for phishing, malware delivery, or impersonation.
2. OSINT tools automate discovery across platforms, including username mapping, location-based social searches, and domain-based email harvesting.
3. Dumpster diving can recover sensitive data from trash—especially mail and discarded documents—making shredding and proper disposal essential.
4. Shoulder surfing includes watching screens and passcodes in public, plus eavesdropping on workplace conversations that reveal technical details.
5. The most effective defenses are behavioral: limit what’s posted online, train employees not to overshare company information, shred sensitive materials, and reduce opportunities for observation.
6. Because these tactics depend on human behavior, they can be hard to stop with technology alone; education and process matter.