Home 0P3N Blog Social Engineering: Human Buffer Overflow Attack Overview
Ready to Start Your Career?
Create Free Account
thehhonestpirate s profile image
By: thehhonestpirate
July 18, 2017

Social Engineering: Human Buffer Overflow Attack Overview

By: thehhonestpirate
July 18, 2017
thehhonestpirate s profile image
By: thehhonestpirate
July 18, 2017

A Human Buffer Overflow attack is a concept that is almost unbelievable. When I first learned about the concept of a human buffer overflow attack, I couldn’t believe what I was reading. I was captivated by the concept and decided to study further into the roots of the human buffer overflow and why it works. I recently talked to my non-security literate friend about this attack and I watched as they raised an eyebrow questioning the validity of what I was telling them.

If you don’t know what a buffer overflow attack is, it is essentially overloading a system with information to inject your own commands, a human buffer overflow is a similar idea, the human mind processes 500-600 words per minutes and we are only capable of speaking 150 words per minute. If you do the math on that, we are more than capable of processing a full conversation and likely can’t speak over 600 words per minute without raising suspicion.

The tactics used in this attack, like most social engineering attacks, have a deep root in psychology and use this to manipulate the weaknesses of the human mind.  This attack is not something you can just pick up and learn within a day, it requires practice and study. A very interesting concept that is used in social engineering is the technique of embedding commands into your sentence, the general concept of this technique is to emphasize certain words within your sentence so that the subconscious picks up on the emphasis but the conscious mind stays unaware that it is being manipulated.

Example:I will put the words that should be emphasized within parenthesis.

I would like to (follow) what you are saying, however, personally I like to think about how it would affect (me).

Emphasizing these words properly would inject the command to follow me, and if it is executed properly, it will make that person more likely to feel compelled to follow you. The commands typically need to be short usually between 2-4 words, and you must make sure your body language is staying in tune with what you are saying. If you emphasize them too much, you may raise suspicion among the target. This is why it requires practice, you must be able to control your facial and body language to reflect what you are saying.

This technique has a lot of room for error and it must be practiced for a long time to be very successful at it. As I mentioned, the person will feel more compelled to follow you, they will not always follow you, this doesn’t force their brain to give them the thoughts to follow you, it just makes them feel more inclined to follow you when the opportunity arises.  This is a very complex attack and I recommend everyone study more into it, this is simply an overview of the idea.


Source:https://www.social-engineer.org/framework/psychological-principles/human-buffer-overflow/
Schedule Demo

Build your Cybersecurity or IT Career

Accelerate in your role, earn new certifications, and develop cutting-edge skills using the fastest growing catalog in the industry