
Trump - body language to look out for at his inaugural speech.

Everyone communicates using body language. Politicians just tend to do it in public with the cameras rolling so they are great to analyse. This isn't a critique of Trump or his policies, and I'm not saying if Trump uses body language naturally or through careful theatre, it's just a commentary on the body language that's used to communicate his points. Here are a couple of gestures that Trump uses repeatedly to look out for...

Precise point.
This hand holding something imaginary with a precision grip is to help get across that he is saying something detailed.

Exclamation mark!
Holding either one hand or two hands with the index finger vertically acts like an exclamation mark. This point is important. Trump often uses this next to the precise point hand gesture mentioned above.

Trust me.
This posture showing open hands in a very non-aggressive way is to show that he is not a threat. Interestingly, he often combines this with his most inflammatory remarks about people.

Air quotes.
These are the quotes that Trump seems to struggle to use correctly on his Twitter account, but in his speeches he uses them correctly and subtly.
That's not how you use quotes...

You have to believe me.
The palm up is a sign of asking for a favour. Trump uses this not to protest his innocence but to say how unbelievable something is.

I'm the boss here.
Holding onto a desk firmly, shoulders slightly hunched, tells others that this is his space. Trump is in charge of the room.

Don't blame me.
This wide exaggerated pose says "I'm innocent" and is used by Trump to emphasise that he isn't responsible for some things and cannot be blamed for them.

Social engineering is a big part of a hacker's toolkit. Understanding body language, what someone is telling you without using words, what they are feeling even when their words don't match their body, is an important aspect of information gathering. Equally, knowing how to use body language to convey emotions and feelings to others can help you build rapport and convince people of your point.


Popular posts from this blog

Snagging creds with Raspberry Pi Zero and Responder

So this is not all my own original work. This is a bringing together of the ethernet gadget tutorial by lady ada at adafruit and the beautiful work by Mubix at room362, which uses Laurent Gaffie's scripts from SpiderLabs.

I'm still using Mubix's recipe of USB Ethernet + DHCP + Responder == Creds but here we are using a £4.00 Raspberry Pi Zero instead of the USB armoury or the HAK5 LAN turtle. Both are awesome products.

Please note that this only works on the RPi Zero. Other RPis will not work!

1.0 Set up the RPi Zero for Ethernet over USB
Download and install the latest Jessie Lite from here onto an SD Card.

Pop the card out of the card reader and re-insert it to mount it. Take your favorite text editor and edit the following two files in the boot partition.

config.txt: Go to the bottom and add dtoverlay=dwc2 as the last line:

Save the config.txt file.

cmdline.txt: After rootwait (the last word on the first line) add a space and then modules-load=dwc2,g_ether

Munging Passwords

Password munging is the art of changing a word that is easy to remember until it becomes a strong password. This is how most people make up passwords.

Munge stands for Modify Until Not Guessed Easily.

The trouble is that it doesn't work very well. We can guess the modifications.

Password selection.
Take the average office worker that is told that it's time to change their password and come up with a new one. They have just been on holiday to New York with their family and so following common advice they choose that as their password.


No! They are told they must include capital letters


No! They are told they must include numbers


No! They are told they must include a special character


There, now that's a password that meets security requirements and our office worker can get on with their actual job instead of playing with passwords.

Scripting similar munges
There are a number of ways that they could munge their password but the vast majority ar…

Anatomy of a phishing campaign

This is the story of a phishing email that came across my desk. It's good to take a look at what the bad guys are doing sometimes. It's often not rocket science but it's handy to keep an eye on the simple techniques used. And if this isn't your day job you probably don't get forwarded a huge number of phishing emails, malware to analyse or dodgy sites to investigate. In fact hopefully you do your best to avoid all of those things.

The Attack Chain
So this particular phishing campaign started, as many others do, with a simple phishing email.

It's not an aggressive email, it's not selling itself too hard, no spelling mistakes, no funny looking URLs and it's pretty simple. There's only one link to click on.

Just a quick note here about clicking on links in nefarious emails. Don't do it unless you are ready to. This link could trigger some malware, it could be unique to the targeted email (so the attacker knows the email address is valid), it could p…