
Notes: A Stepwise Guidebook on Signing Tn 304 Form Online

CocoSign provides wings to your business by simplifying document workflow and optimizing business processes. Want to know more about the Tn 304 Form? Read on to find out how to sign and fill your form quickly and easily.

Get the form with a single click

e-Sign the form online

Save the signed form

  1. Find the right form suitable for your needs on CocoSign.
  2. Click "Get Form".
  3. Browse through the document and determine which parts need to be filled.
  4. Enter the important details in the customizable sections.
  5. Verify the entire document for any potential omissions.
  6. Insert your electronic signature to authenticate the form with the signing tools on the dashboard.
  7. Click the button Done after filling the form.
  8. Now you are able to save, print and share the completed form.
  9. Feel free to contact our CocoSign Support Team in case any question arises.

Irrespective of sector and industry, CocoSign stands to improve your document workflow digitally. e-Sign documents hassle-free with CocoSign.


The Definite Guide to Tn 304 Form


Check How to Enter the Tn 304 Form

Good afternoon, everyone. We have Joe Gray. He's going to be speaking with us about social engineering, using social engineering for penetration testing. He's going to be sharing with us a lot of useful tools and techniques, advanced penetration tools and techniques, and he will also share with us some ethical considerations and social engineering. So, welcome.

Thanks very much. Can everyone hear me okay? You're dining the mic a little bit closer? Okay. I know I've got a very soft voice.

So yes, I'm Joe Gray. We'll be talking about basically using open source intelligence, or OSINT, to supercharge your social engineering attacks. But at the same time, at the very end, I'm going to drop a little bit of training wisdom as well, because, well, not everyone in here is a red teamer, not everyone in here wants to be a red teamer, and realistically, when you're writing your reports, you need to have recommendations. So here's a few for you to use.

Before we get started, a mandatory thing here: the thoughts and opinions are mine, mine alone, and do not reflect those of IBM. With that being said, about me: I'm a senior security architect at IBM. I used to be a system admin, security engineer, consultant, a little bit of everything. I won the 2017 DerbyCon Social Engineering Capture the Flag. I used to navigate submarines, and I'm being purely serious there, there's no jokes with that, although I do still like to watch competitive submarine racing from time to time. I do write blogs from time to time as well. I have my own blog and podcast, Advanced Persistent Security, and I do tap out a lot. Brazilian Jiu-Jitsu. Some people probably call it training, but I would say 98% of the time I'm tapping out. So, well, you know, Helio Gracie said you either win or you learn. I learned a lot.

Anyway, so with that being said, just to share with you my goals: I just want to let you know about open source intelligence, about social engineering, various types of social engineering. We're not going to really get into the weeds about 
things like dumpster diving and baiting. Although they're fun, that's really not what I'm going for with this. We'll cover a little bit of the application of social engineering, using OSINT to do better social engineering, and then some mitigation and training.

So, social engineering: it is the art of human hacking. It's taking human psychology and misusing it to get people to do or say things they should not do. If you want to read up on it, these three books are what I would recommend starting with. You have Christopher Hadnagy on the left with Social Engineering: The Art of Human Hacking. I consider that a seminal work. Kevin Mitnick's The Art of Deception, that's also seminal in the field of social engineering. But then the center one is by Dr. Robert Cialdini, Influence, and from that we're going to get a concept that I'm going to cover later, the six principles of persuasion. He is a legit psychologist. He does not deal with social engineering. He's been on Christopher Hadnagy's podcast a few times, but he doesn't call people and get them to give him their passwords on a daily basis. He analyzes and does what psychologists do.

So, with the pioneers: in the top left here we have Kevin Mitnick, in the top right we have Dr. 
Cialdini, Christopher Hadnagy on the bottom right. Does anyone know who the gentleman on the bottom left is? Anybody? Anybody seen, yes, anybody saw this movie? That's who Leonardo DiCaprio portrayed. So it's Frank Abagnale. He's really a pioneer of social engineering before it was called social engineering. If you've seen the movie, you can think back to when he was buying those airplanes and soaking them in the bathtub to get the stickers to come off so he could put them on checks, which is not social engineering, but he was crafty about his impersonation. If you think about the scene with him in the room: Tom Hanks comes in, he impersonates another law-enforcement officer, hands him his wallet that has his badge in it, and all it was was wrappers off of everything that was in the room that he had folded up to feel like a badge. He told Tom Hanks, "Oh yeah, we've already captured him, he's going out to the car." There was a guy walking to the car, so, "Yeah, that's my partner." Tom Hanks looks out the window, he's like, "Okay, I'll sit here and wait and we'll debrief it. I would like to be with you when we do the perp walk." And out the door he goes, into the car he gets, he waves at Tom Hanks and leaves. Tom opens the wallet, sees what it is, and feels pretty dumb. It's okay.

So, examples of social engineering. We already know about phishing. It happens all the time, right? I mean, we would be hard-pressed to find a single person in here without an email account, period. Everyone has them. I mean, children have them. When I have children, I will probably score email accounts for them within their first month of life so that they don't have to fight for the same account later. And I might even do something sentimental and send them emails or something, I don't know, and be like, "Hey, you're old enough to read. Here, check your email." I don't know. And I guarantee you that email address would still get spammed with phishing attempts, even though it would not 
be used for anything. Actually, I'd probably register social media accounts too, but completely different.

Anyway, spear phishing: that's just ultra-focused phishing. You've got whaling, the big fish, right, C-levels. That's my personal favorite, and I'll explain why in a little bit. Vishing, that's your voice phishing. That's when you call somebody from their phone number when they're drunk and you start talking to them and convince them that you are their conscience and they should do this or that. Not to say I've ever done that to somebody. We've even moved to the point of using SMS texts for phishing, and that's what smishing is.

Then we've got baiting. You know, you get a thumb drive, you put a macro-enabled Word document with a few goodies on it, affix a sticker to it that says "company cutbacks", "layoffs", "bonuses", "W-2", "competitive intelligence", I don't know, whatever, and you drop it and you wait. One of my other favorite baits: I like to get posters printed and put in break rooms. Posters, those are innocuous, right? You can't do anything with that. Oh, I beg to differ, because you can have a lot of fun with a QR code. You can actually build that out in the Social-Engineer Toolkit and put it up there. I guarantee you, like, I used to live in Atlanta, I've since moved, but I always made the joke there's that one part of town that's just nothing but hipsters, right? I guarantee you I could bait that entire part of town with a single poster with two QR codes: announce a Modest Mouse concert with one-dollar PBR and three-dollar craft beers, must scan the QR code to get the free beer. I guarantee you I'm probably going to get greater than 70 percent of that part of town, guaranteed. And if you have a guy down the street with, like, a beard pitching it, especially if he's wearing flannel, oh yeah, it's going to go to like 85 easily. That I've never done. I've always joked about it.

Dumpster diving: we know you're just basically pilfering through someone's trash to find out what they did not care about. You're trying to find things 
like spreadsheets, passwords that people had written down. You might just find out about how things work. You might find vendor boxes. Knowing what technologies people use, that's very important. You do not want to go burn a Windows exploit in a Linux environment or vice versa. You don't want to try to attack a routing device with a Cisco exploit if it's Juniper, right? So knowing these things, this is all open source intelligence that you can actually use to do better social engineering.

Tailgating: I mean, that one's easy. You find the smoking area of an organization. They all have them. You wait until everybody's out there and you come strolling up like you own the place. Have a badge, like, if nothing else, just like a state password inspector bad, it's just a badge, a lanyard similar to what they're wearing, and you stroll up with a dozen doughnuts and coffee. I've seen this myself: they will break their neck and put those cigarettes out, fight each other, it's like the running of the bulls for them to get to the door to let you in, because they want a free doughnut. Alternatively, you can use ladders, you could have a toolbox, there's so many things you could do. It's not just the smoking area, but they are easy targets.

So, goals of social engineering. These are the six principles of persuasion. So we have reciprocity, commitment and consistency, social proof, likeability, authority, and urgency/scarcity. So if you want to think about how these are applied, think about the last time you bought a used car. And I pick on salesmen with this all the time for one simple reason: sales, it's basically social engineering. That's all it really is. So let's just go ahead and eat that on the way. I apologize to any salespeople I may have offended, but if you go back to that earlier slide and see those books I recommended, I guarantee you you'll get more sales if you follow this stuff ethically.

But with that being said, so you're trying to buy a car. It's like, "Hey, you scratch my back, I'll scratch yours. You pay an 
extra $300 for this car, I will throw in maintenance for life." Most of the time that package is only 250, but okay. Commitment and consistency: "Man, I have been selling you cars for the last 25 years. I would not do you wrong. We have a good relationship." Social proof: you're there, you're looking at a Z4 roadster, you know, you're just walking around, you don't have a ring on your finger, you're just chilling. Car salesman walks up: "Oh yeah, you get this thing, we get all the chicks. Yeah, all the cool kids are doing that." "Okay, cool. Well, you know, I was really just looking at it because my will is getting changed, but thanks." Urgency and scarcity: "Oh yeah, there was a guy down here at the car lot the other day, actually he was just here about 25 minutes ago. He left, went to the bank to get financing. I tell you what, if you can get financed first, it's yours." All right, no guy there. Who goes to the bank to get financing for cars now? Most of the time, if you're going to do it the right way, you get financing before you even show up on the lot, and then you haggle and haggle and haggle them, let them think that they're about to make some money off of the financing agreement, and then you say, "No, I don't like that. I want to pay five hundred dollars less than what you're saying." "Oh, we can't do that." "I got cash money right here." "Oh yeah, we can do that." Works.

The one I did not mention is authority. That one, it's a little bit trickier, because car salesmen don't really have anything to use in terms of authority. You know, people working at big-box retailers, they don't have it either. But what I will reference as an example would be when you get that ransomware email, the phish that's trying to get you to click so that you can get the ransomware, and it says that multiple pornographies, bestiality and all these other disgusting things have been found on your computer, click here and we will alert the Microsofts and get it eradicated from your system. Because it has the FBI warning, that is using the authority.

A while back 
in my previous life I was doing a phone pretexting engagement, and my target was, to keep it as vague as possible, they were kind of a government, kind of not. I'll just leave it at that. But I just called and said, "Hey, I'm operating on the authority of such-and-such," which I had found on the Internet as the leader of that organization, "and he's commissioned this survey. Do you have like five minutes to answer these questions? And I'm going to tell you now, some of these questions are ridiculous. I just have to ask them because that's what he said to ask." And because I said such-and-such and these people know such-and-such, they're like, "Yeah, I'll make five minutes for such-and-such." "Oh, thanks." And it worked, because I'm using a name they are familiar with and it's an authority figure.

So with this social engineering, we're trying to get people to do one of two things. You can boil it down: you either want them to tell you something or do something. Tell you things: well, "What's your password?" Or actually, "You know what, what was your mom's name before she was married? Yeah, before she was married. I'm sorry. Okay, I can now reset your password," because that just got your mother's maiden name, because I did not ask it as "your mother's maiden name". Had I said that, you'd have been like, "Yeah, no." All right, I know, I should have took the mic.

Alternatively, something I'll do around, like when I'm at conferences, I'll just stroll up to people, random people in the street. I do it for fun, but I also do it to stay sharp. And I'll be like, "So, you from around here? You know, I grew up like 30 miles dumber. Oh yeah, me too. I grew up on Locust Street, what about you? Oh, which school did you go to? Okay. Oh no, y'all were my rival, I can't talk to you, I'm sorry." Well, judges can, and at that I've not said anything definitive. I've not really said much of anything, honestly. I've put a few things in their mouth in terms of things that I might know, right or wrong, to get them to correct me or accept it. And I mean, every city has 
the tree-named streets: Elm Street, Main Street. Main and Elm are just too cliché. I typically go with Locust or Walnut just because it's not as cliché. But anyway, something to that effect.

Anyway, other things that we might try to get them to tell us: something that's not readily available. During the SECTF I had a person on the phone. I was like, "Hey, um, can you press the little Windows icon in the bottom left-hand corner?" "Yeah, sure." "Okay, now can you type VI TL?" "Okay, it says BitLocker." "Okay, cool, thank you very much." So okay, that tells me, number one, they are using a Windows system; she is going to do whatever I ask her to do; and three, there's a good chance they're using BitLocker for encryption. Later on in the exercise, I called the one number, got forwarded to IT. The guy in IT, when I did that to him, he was like, "Well yeah, it's Windows, of course BitLocker's installed, but we use Symantec." I was like, "Oh." To his defense, though, I was spoofing an internal phone number and I was calling from the Microsoft Office 365 email migration issues hotline. I tried to call the number last night and it is dead now. Their deputy CISO was in the room as it happened. He turned green. He had just been talking on Twitter a few days prior about how there was a major security event coming up for his company and he couldn't wait to see how well they withstood it. I hope it was not talking about that. And then like three months after the thing was over, I saw that he had viewed my profile on LinkedIn. I was like, whatever, here's a little salt for the wounds, here's a connection request.

So, and then think about this with salespeople, right? "Oh, you're not the decision-maker? Oh, could you please tell me who is?" Oh, you're not the right target? Tell me who the better target is. Thanks. Or think back to the last time you dealt with a security salesperson, or just a technology salesperson in general: "Tell me about the problems your organization faces." "Oh, you say you're having Active Directory issues and your 2FA is 
not working? Hmm. Thanks."

Performing your action: we already know, open an email, click a link. Here's another one I'm a huge fan of: call up their firewall administrators and get them to open, like, port 4444. It's Metasploit, nothing big. Yeah, whatever. But if you can get them to open a port and let you in, why burn your exploits and beat your head against the wall trying to get a SQL injection to work on some ultra-segmented public-facing web server when you can get access to everything because you just got a firewall port opened? I mean, it might take a little bit more work, and you might have to tiptoe, tap dance and, you know, do the ballet over the phone, but hey, you know, if you're like me and you talk a lot, it really doesn't matter.

So, transitioning: what is OSINT? It's basically anything that you can get from public information sources. The CIA actually has a definition on their website, and that's where I kind of get this from. And basically you're getting it from various media sources, like mass media. Another good place: conference proceedings, like IEEE conferences. When people come, they present things and they have to publish a paper. Yeah, that's a perfect place to do it. Why? Because people are talking about the technologies they're using, problems they face and other things like that, so it works amazingly. We already know the internet. If you're going to do OSINT, I'm going to go ahead and tell you, your Google-fu has to be strong. Specialized journals. Geospatial data, like Google Maps, Bing Maps. For example, during the SECTF one of the flags was, "Who do they use for deliveries?" Well, I was just driving around the building on Google Maps and I see this big boxy brown truck backed up against the building. I was like, check, UPS. Then I went further around the building and I saw a bunch of FedEx trucks, and I was like, hmm. I almost said FedEx too, but then I zoomed out a little bit and FedEx had a facility across the street. Either right. You've got that.

Resumes: I go and look at Indeed 
resumes all the time, for example. And actually, I'll dial that back for a moment: the careers page of a company. Some of them are very descriptive, some of them not so much. My target during the SECTF, they were looking for an Oracle ERP consultant that had specific experience with version 12.2.2. Exploit-DB, and I found a server-side request forgery and a SQL injection vulnerability. Thank you very much, and come again. People put things in their resumes because it's technologies they've used and they need to let their employers know about that. They don't have to put the specific version. Like, I have no problem saying, yeah, I used to be a Red Hat administrator on like 6.7. Okay, it's Red Hat 6.7, no big deal, it's an operating system. The sun's not going to fall from the sky if you find out someone's using Windows 10, right? That's actually a pretty safe assumption. The sun may fall out of the sky if you find out they're using XP, but that's a completely different problem.

But anyway, so there's really only one major OSINT pioneer, and that's Michael Bazzell. Here are his three books. The sixth edition of Open Source Intelligence Techniques just came out. I recorded a podcast episode with him a couple of weeks ago and I'm still trying to finish editing, but he actually released his own OSINT-oriented Linux operating system called Buscador, and it's pretty amazing. But with Michael Bazzell, I couldn't get a picture to put up here of him just because he doesn't allow photography of him. If you take his class, you're not allowed to take pictures, period. Having met him in real life, I will say there are pictures of him on the internet, but there are a lot of pictures that say they are him that aren't him. B-A-Z-Z-E-L-L. You'll see his website when we get to the demo portion. The talk I'm giving next week at BSides NoVA, called Decepticon, deals with a lot of the concepts that are in his Hiding from the Internet book, and it's basically deceptive engagements to make sure that, well, it's not making sure, 
it's just making people's jobs of collecting OSINT on you a lot harder. Because, I mean, if I go to collect OSINT on someone and they come up as a ghost, I immediately know something's up. Immediately. No one is a ghost.

Either way, where can you do this? Well, bars, it's a great place. You know all the employees of, or all the students from such-and-such college go to, I don't know, Bad Monkey, whatever, random bar. Well, you go, you hang out at that bar, you wait for them to show up, you have your listening ears on. You might even wear headphones with nothing playing. It's a good thing about Apple EarPods, actually: people never know if you're listening to anything or not. You're like, "No, I'm just a tool." I say that, but I actually went and bought AirPods yesterday, but that's mostly just because of the volume of meetings I have with work now, and I just hate having to sit there with a phone up to my ear muted for so long.

Anyway, malls. A few Christmases ago I was walking around a Macy's and I hear a guy on the phone with his bank, spelling his credit card number out in its entirety in the middle of the store. I was like, "I couldn't hear you." Yeah, he didn't repeat it. If anyone wants a credit card number, though, I'll give you mine, and it's four eight six seven five three zero nine nine zero three five seven six eight four. Again, as for 867-5309, yeah, there you go. I was waiting, I was waiting.

Anyway, family and friends. Who in here does not have a social media account? Mmm, we got one. What about parents, siblings, children, friends? Yep, game over, thanks for playing. Actually, I highly, yes, well, there's that. I have several in my name and other names. But with that being said, my recommendation is actually, even if you don't use it, create one in your name and one that's not in your name, so that you can actually watch and see what people are trying to do and say that involve you. Because your record already exists. Would you rather be the one to control it, or would you rather it be some malicious actor that has no 
ethical obligation to do anything right?

Back windshields: I have far too much fun with this. I can't count the number of times I've almost crashed my car taking pictures of them. But I do it all for you.

Forums, job boards, so on. With my SECTF, I was searching for the syntax of their email accounts and I came across this email address, and he had been a systems engineer and he was talking about a problem with their backup solution. I was like, okay. Well, I went and looked him up on LinkedIn. He had been gone from the company for almost a year. Well, I was able to use Profiler, which is a tool built into recon-ng, to enumerate the user name he uses everywhere. I went to his Facebook and his Twitter and verified it. So then I did another search, and here comes a GitHub repo. There we have Nagios scripts, we have scripts dealing with Red Hat Satellite server synchronization, we have a thing that's dealing with a tool called Netflix Ice, which is used to estimate your AWS costs for a month. And for whatever reason, he left the company in July 2016; the last time he committed anything to those repos was June of 2016. Hmm. But he had a bunch of other new trees at, they were very similar, so it gave me a lot of insight on tools and technologies that they were using, as well as programming and scripting languages they were using, all because I knew his user name. I mean, if you pay seven dollars a month you can use private repos, and a company like this was a Fortune 500 company. You can't tell me they probably didn't have an internal GitHub, Bitbucket or something along those lines. Whatever.

Back windshields: what can we see here? All right, so let's think of this from a non-social-engineering lens for a moment. We're going to be criminals for a second. We're going to break into this house. So here's what we can ascertain. Dad: he's either a gym rat and ultra ripped, or he's got a dad bod and thinks he's ripped. He probably goes to the gym at 5:00 in the morning or 5:00 in the 
evening near daily. You might catch some Saturday mornings running 5Ks, and when I say running, I mean running like the first quarter of a mile, walking the rest until he's like 10 feet from the finish line, and then finishes strong. I can make that joke because that's actually what I do. Mom: mom's a teacher. If you're going to break in, you're going to want to do it during school hours, not on a federal holiday or in the summer. John: he plays soccer. He seems to be old enough to where he's probably playing competitive soccer. A little bit more recon and you could probably find out how old he is, and you can probably get his team schedule. Neil: he's a skater. Get a Thrasher shirt and a pair of Etnies shoes and a skateboard, introduce him to the Misfits. I guarantee he's never heard of them. His mind will be blown forever. His mind will feel like mine this last week after conversing with Jack on Twitter about Marianne Faithfull. I don't know if you're familiar with the name. She's like Mick Jagger's ex-girlfriend. She wrote "Sister Morphine". Any Metallica fans in here might remember her from "The Memory Remains". She's that woman, the one with the crank box in the video. But I listened to her solo work and my mind was absolutely blown. I was like, "Man, Jack, stop blowing my mind like that." That's what he was listening to when he was doing CFP reviews. But anyway, Jessica is a curve ball. We can't tell any hobbies of hers. We can't tell anything about her age except that she's likely younger than John and Neil. Beaker and Ruby, that's where it gets fun. We can see that Ruby is a hound. Hounds howl and bark. Don't be harmful to the dogs; take dog biscuits. So you got to do, it's very simple.

Timing: we can't talk about timing without having some Flava Flav, right? So it's a transitioning point, because you've got to take your time in your social engineering. You don't rush. When you rush, you make mistakes. With OSINT, the same thing. But at the same time, with OSINT you may be beating your head against the 
wall, and then you find one little thing, you go down that rabbit hole, you're about to call it quits, and then you find something. Eureka! You go right back to the beginning of the process and everything unravels. It happens all the time. It gets tricky if you're doing it as a consultant, like if you're a pen tester, because you're going to have an allocated bucket of hours, so your quality is going to vary based on that. But if you learn more efficient ways to do it, using some of the resources and what I'm about to show you, you'll have a lot better luck. And quick attacks, they're sloppy. You have spelling and grammar errors. You might out yourself with things. You might acci... I always send myself a test phish before I send it to anybody else. You know, if I were being sloppy, I might accidentally send it to myself and them, or I might send it to the same people multiple times in a short period of time. It's like, "Hmm, they're testing something out. Mmm, gotcha."

Anyway, so how do they mesh? They both have similar properties in the fact that they deal with human nature and ignorant things that people do. And when I say ignorant things, I'm not saying that people are dumb, stupid or any of that. It's just that they may not be aware of it. We're in a time when it is normal to overshare. There are people on my Facebook account, I can tell you where they're going to dinner tonight because they're creatures of habit. I know everything they eat. I know their bowel movements, because they share everything. But you get this and you could build a better content for the context. If you know, for example, something that I learned during the SECTF: everybody in Louisville, Kentucky, they love three things. They're foodies, they love their bourbon, and they love craft beer. I'm not a whiskey person. I'm straight-up tequila; Jean can attest to that. And with being a foodie, that's the tough one, that's too broad. So when I'm on the phone with these people, one of the flags was, "What's your work schedule?" So I was like, "Oh, happy 
Friday. Yeah, you know, so I work in the internal cybersecurity office. We've got an external audit coming up and I'm just updating the records to make sure that everything that we have is correct. You have a few moments? Yeah? What time do you get out of here? 4:30? Oh man, I get out of here at 5:30. I can't wait to go home. I just got this new craft beer, it's amazing." "Oh yeah, it's really amazing, I love craft beer." It's like, oh, thanks, instant rapport. I wouldn't even have said that if I hadn't been stalking a vast majority of that company's employees. In fact, most all of them liked craft beer, and if the person hadn't liked craft beer, I would have probably took a stab at bourbon. Would it have worked out or crashed and burned? But yeah, whatever.

Then you can also use it to look for things like passwords. There's a tool on GitHub now. I didn't write it, but I do love it. It's called pwdlogy, P-W-D-L-O-G-Y, and you input certain information about your target: their spouse, their children, their parents' names, their pets' names, their dates of birth, all sorts of things, and it runs a substitution against it and builds an intelligent password list against them. These are things that you can find out from OSINT. You don't even have to talk to the person. You can go to FamilyTreeNow, TruePeopleSearch, Ancestry.com and find out everything about these people. Those are some of my favorite websites.

Anyway, so collecting OSINT: it's all about the single piece of information. I always relate it to Weezer's "Undone" song, right? Because "if you want to destroy my sweater, you must pull this string as I walk away", right? It's a single string that you're pulling. You're trying to unravel this sweater of OSINT so that you can make a nice yarn ball for your cat, right, or whatever. It could start with a business or an organization's name. For the SECTF you just get the business name. It could be a phone number. If I have a missed call from a number I don't recognize, first thing I do, yep, I go searching. "Ah, no, scam, don't 
want it, done." Physical address. Metadata: Josh Huff has done some amazing research on metadata from pictures. He enumerated some people with his 2016 DerbyCon talk. He was able to figure out who it was that shared a picture. They had taken a picture of the gas pump, bragging about the price or griping; either way, they were talking about the price. In the reflection from the glass of the gas pump was a taillight of a car. Through a little bit of refinement and reverse image searching, he found that it was a 2006 to 2011 Dodge Durango. Dodge Durangos were available in those years in the following colors. "Oh, this is kind of a grayish color, so it's this." Okay, so then he was able to look in that area and see who has that vehicle in that area, right? You could even go further and look and see. Even with, like, Facebook and Twitter, they've started stripping metadata out so you can't find out all the really juicy stuff, you could still find out what kind of phone it was taken on. I mean, most people don't take pictures on cameras anymore; they use their phone, so you can find out. Josh Huff, H-U-F-F. He's on Twitter at bay wolf, I think, BAE wolf 88.

Think about this: harmless surveys. I was in a Bass Pro Shop. They're like, "Hey, fill out this survey and you can get, we're giving away a boat and a five-dollar Amazon gift card." Okay. And just a note, that accent is very authentic. I actually grew up in eastern Tennessee. I just dropped it when I was in the Navy; the officers were making fun of me, so, like, they wouldn't take me seriously. I'm being totally for real. But you know, depending on what I'm doing, the pretexting calls, if I'm calling somebody up in Alabama, I'm not going to talk like this. "I'm glad, man, how you doing, how's your people?" You know, it's just how it works. I don't try to impersonate accents. Like, I would never be like, "Oh, good time, aight." I don't know how those accents work. I mean, if I'm talking to somebody that actually does speak with that accent, they're going to be like, "Man, this dude is full of it." 
click. Oh, but anyway, the surveys: think of what you could get out of people. If I could get permission to do so I would love to set up a booth and give away an Amazon or a Starbucks, some kind of gift card, something of value, for people to fill out this harmless survey. All I'd ask for is first name, last name, email, year of birth, address, mother's maiden name, favorite pet's name, make and model of car. I guarantee you it would just be an absolute killing machine of gaining OSINT. If I were to do it I would actually have a shredder right behind me, and the second they do it, just shred it. But you know, that's part of the whole ethical thing, but I'll get to that.

Marketing, right? Salesforce, Facebook, retail stores. We all know about Facebook as of late, dealing with the Russian disinformation, right? Pull that yarn a little bit more, you might find some stuff. And password dumps: if nothing else you can use Have I Been Pwned to find out who uses their work email for what. Public records, court records, SEC filings. It's all about the profiling. Is it once and done? Nope. You might have to do this several rounds to get it. Like the SECTF you're dealing with: in the case of my competition it was a Fortune 500 company with numerous sites. I had three weeks to collect all the flags. I spent a lot of time doing it. If you're doing it as part of a pen test you're not gonna have that kind of time, but you've got to be efficient so you can go back and refine when necessary.

Here I reiterate the six principles, you know: reciprocity, commitment and consistency, social proof, likability, authority, and urgency/scarcity. So let's apply those principles to connect and contact. You know that they were on vacation in Mexico three weeks ago. Or better yet, now, during the SECTF one of their senior vice presidents tweeted to United Airlines complaining because he missed a meeting in Amsterdam because his flight was delayed in Newark. If I wanted to phish him and it was authorized, which it wasn't, I could have sent him a phish
claiming to be with United Airlines customer service. He was probably taking the bait so he could chew me a new one, and then I would chew him one right back without him knowing, the subtle chew.

Same thing with the vishing, if you know about your target. Like, I was doing a pretexting engagement. We had a guy that answered the phone. I knew he was having some baby mama drama, so I just pulled up a YouTube video of a baby crying, put it in the background while my coworker that was female was having problems at Walmart and needed her card unlocked. Yep, he actually held to his guns though. Their CFO, not so much. He had local admin too.

So with that we called him up, we said, we spoofed an internal number, we're like, "Yeah, we're from legal. This kid we go to church with, he's trying to get an internship at the FBI." We knew via OSINT that this financial institution had been robbed. Like, "He's trying to get some data for this research he's doing for college. He goes to such-and-such school. About the financial impact of what happens when banks get robbed, like, how does it affect the bank financially. He's called all these other banks, they just ignored him. One threatened to call the law on him. You think you could help him out? He's a real sharp boy." "Yeah, yeah, okay." "Thank you very much. What email address do we have to send it to?" "Just send it to my work." "Okay, can you confirm what it is?" "Yeah, buh-buh buh-buh." "Better, thanks."

I already had the email account created. I had the email staged. I was just waiting for the email address. I waited, I think I set my timer on my phone for 7 minutes and 43 seconds, just because it wasn't a standard number. Then we sent it. There was a link in it. It just went to a page that said "unavailable". That was it. He clicked it not once, not twice, not three times: 15 times on his computer. Then he opened it up on his phone and clicked it about 5 more. But wait, there's more. He emails me back: "Hey buddy, that link don't work. Can you send that to me as a file?" So I run over to the pen test
practice leader, Mike. "Hey man," I was like, "I need some payloads." He's like, "What you need?" I was like, "Well, here's what's going on." He's like, "All right, here's an executable and here's a macro-enabled Word doc." "All right, thanks." So I sent him the macro-enabled Word doc. He opens it, it looks funny, he closes it, he opens it again, his AV picks up on it. He emails me back: "Hey buddy, there's something wrong with that file, it gets corrupted. Do you have another file format? Can you download it again?" So I just send the executable. That's how we found out he had local admin, because the pen test team was able to take over some stuff, run Mimikatz and get DA in a very short period of time. Yeah, that day was a good one.

So before I get to the demo portion let's talk about mitigations, right? So you can use technical mitigations. Like Proofpoint, for example: it'll append or prepend the word "external" to the subject line. I will tell you from my experience it slows some people down but it doesn't work completely. When you buy the .us that goes to your target company's .com and you email claiming to be their CEO, or that's about to be promoted to CEO, they still open it. It doesn't matter that it says external. "All right, the system must be broke, IT ain't doing their job again."

Malware protection: it's not gonna save you from phishing, but the reality is your people are gonna fall for phish. I've almost fallen for phish lately because they were, like, really solid. But you need the protection. Don't look for an absolute solution, that's just not going to happen, that's naive. IDS and updated signatures: there are some things that travel only across email, your IDS can actually assist you with that. UEBA does some things. But honestly, phishing your employees, whether you do it manually, automatically using something like PhishMe, that works, or you could just pay a firm. I'm sure John Strand and Black Hills would have no problem taking your money to phish your employees. Phishing is something I think that you could probably get
away with doing without betraying your employees' trust. OSINT, on the other hand, don't. If you're gonna do your own OSINT, do it exclusively about the company and company only. If you do it about your employees, number one, you could be violating laws; number two, you're going to betray their trust; and number three, do you really want to know that kind of stuff? Don't answer that, because you probably do. So that's one that I would certainly recommend paying someone else to do. They can parse it out and say, they don't need to know about her baby daddy drama, they don't need to know that he's single and ready to mingle. They don't need to know this. They need to know what impact it has on the company. And yes, I could use that baby mama drama or the desire to mingle, I could use that against them, but quite honestly everybody's got something in their closet, their skeletons. Don't cross that line.

Now, if they're posting a picture of their badge on Facebook, as someone that works at the company that I targeted for the SECTF did, now that, that's worth letting the company know about, because I now know what their badges look like. I can just go to SkyDog and be like, "Hey, you remember that state password inspector badge? Can you make me one that looks like this?" "Oh yeah, here, step back, let me take your picture." "Thanks."

You can have policies. Your acceptable use policy should, and should have something to go with it. You should be doing awareness, and should address personal devices. Standards of conduct has some impact but it's limited, because people are going to do what people do, and that's pretty much what they want. But you need to train them. Train them about insider threat, active and passive. An untrained user is an insider threat. It's a passive insider threat, because they're not actively trying to be malicious, but because you have failed to train them you've created your own insider threat. Train your people about social engineering and OSINT. Let them know what people are
are.capable of have recurring training.I recommend quarterly do your hour-long.training to check the box because we.know that training is mandated by.compliance and that's why we do it in.the first place but do the one to check.the box and then do quarterly beyond.that address new threats new TTP's.things that you've observed give kudos.then fish them some more base your.training on the outcome of your tests.you should have employee based training.based on their role it is not unusual.for HR to.have to open an email with an attachment.and open the attachment right somebody.signs an offer letter how do you think.they're going to get it.contracting sales accounting they're all.expected to open emails with attachments.and open the attachment they're going to.be more prone to getting fished train.them but at the same time have a.non-punitive policy don't throw the book.at someone because they click to fish.right if someone clicks a fish in my.organization and they report it to me.nothing will happen to them I will.protect them I will train them the.training may be painful but they will be.protected if they do it consistently.like every single fish 17 times in a row.that's a different problem take that up.with HR but train them integrate it with.your IR plan yes to my knowledge there's.really not one right now absolutely.[Music].thanks for segwaying to the next slide.so you need to have a policy that.clearly defines who to report it to how.to report it do you want it to be via.email I'm gonna say probably not join us.be phone texts slack smoke signals.carrier pigeons Morse code what do you.have a can over your desk that they just.talk into the can across the wire hey if.that's what you do.I can guarantee you you're not gonna.have an external attacker listen to the.wire between the cans it's going to be.secure person you want precise actions.to do with your company policy and your.ir plan and your posture for doing.forensics and ir do you want them to.power the system 
down? Do you want them to send it into hibernation, sleep, lock the screen, pull it from the network, unplug it from the wall, do nothing? What do you want them to do? And I can't tell you the answer, because there's no right or wrong answer. It's up to your organization. But define it and get it on your employees' desks. Like, in the military they have bomb threat worksheets at every single phone. Have a phishing threat worksheet at every single computer. Use a specific color of networking cable so that you can tell someone, "Hey, if you click something that's phishy, unplug the yellow cable." If that's what you want to do, go for it. Make it easy. Most of your employees are not security professionals. Don't treat them like they are. It's not their role to figure out what is the phish and what is not. It's just the reality of it.

Consider gamification. Don't let it blow up in your face like it did with Wells Fargo, but just think of this: if you have something of value, a gift card, a parking spot, a challenge coin, a yellow sticky of appreciation, it doesn't matter, something someone finds of value, they will rat out their own siblings, children, best friend, lovers, whatever, to try to get that win of whatever it is. Take the doubt out of it. Don't make people try to figure out what's going on.

So I'm gonna shift over momentarily. I've got about nine minutes total, so I'm going to shift over here really quickly and I'm going to show you some tools. So we'll start out here. Hello Facebook, my old friend, right? We're gonna look at the thing called the live map. You already do some creeping, I like to do some. Let's see if it loads, because I'm piping the internet through my phone. So, oh no, they've changed it. So, checked this earlier. Wow. That's what it is, yes, they changed the UI. There was those birds that still haven't hatched, I saw that there. It just amazes me that someone will actually sit and watch that thing. I mean, these birds have been, like, nesting for, like, seven times their gestation period and still haven't
hatched. I'm pretty sure there's nothing in those eggs or something. All right, so let's zoom in and see what we can see, if anything. They might have changed it on me. Looks like they have. Yeah, nothing's showing up here. So in times past what would happen is you would have a bunch of blue dots and you could click on it and see what is live, what people are doing. You could just watch it if their setting was set to public. So with this, what I was going to do would be, here on Michael Bazzell's IntelTechniques website, go to his Facebook tool here and then scroll to the bottom, and right here with video data you get this nice little JSON output. But there's nothing here, so they've obviously caught on to it and shut it down. But it would give you the username, latitude and longitude, and then I would then move here to Google Maps and we would look at the outside of the building of wherever they're broadcasting from. Seems like Facebook caught on to it, so thanks Alex Stamos, thanks Zuckerberg.

So anyway, let's talk about some Google-fu. Wonder what kind of juicy info there is out there. See, seems legit. Okay, so, okay, we're looking here. Oh, here's a phone number, there's a website. Okay, we got that, so we know they're at equifax.com. So let's do this now. So we'll do the site, Equifax, again, I have no problem picking on them, and then we'll do "at" that. So what we can do, if anything shows up, we'll probably find some email addresses. Equifax is not really a good target for this portion of it, because realistically with this you're trying to target their PR, marketing, sales people. But with this you could just go and take a look. Okay, here's this data, and then somewhere it's there, but, sure. And if you take the site operator out of that, so if you just do this, now you're searching the entire internet for those email addresses. It's a good place to start. Alternatively, instead of going with an email address, I'm just going to use something bogus here, but we see that on all their marketing material
they use this syntax for phone numbers. I don't know if that's supposed to be there. I'm gonna be nosy. Either way, you can find phone numbers, and the beautiful thing about phone numbers is, once you define the range, something I like to do: I block my number and in the middle of the night I call to get their voicemails, so I can confirm the name and that it's a live number, and then I can find out more about that person, like their email address, their role, etc. All sorts of fun. So that's one avenue to take.

Here's the OSINT Framework. This is written by Justin Nordine. I apologize, I can't zoom in on this. This tool, you can find out so much other stuff. It links to all sorts of other tools. We can have an entire conference all day about this tool alone. But what I pulled from this was, I went to EDGAR, because Equifax is a publicly traded company. So here's some data about Equifax. Actually, right here is their SEC Form 10-K. Because they're publicly traded it has to be public knowledge. So here we can find out all sorts of stuff. So like, right there, there's their SIC code, there's their actual address, and then at some point we'll find out more information about employees, like management.

While I'm thinking about it, let's just do this right here. We'll go to Bloomberg and let's look for Equifax. Oh, this might be a little bit tougher. Oh, here we go. It's probably not the best example, but one thing you can do, like, if they didn't have all the news on them, you can get a company profile that will tell you their physical address, some phone numbers and all of their executives, every one of them. It might not be up to date, I will caution you on that, it may not be up to date, but you can get it. That's targets to go after. Other things to look at: you can just go to their SEC filings page. All sorts of stuff here, statements of ownership, all sorts of stuff, more than you can even imagine with it.

IntelTechniques: this is another tool you can use. If you go to it and click Tools, right here you can see there are
tools that deal with search engines, Facebook, Instagram, domain name, IP address, YouTube, reverse image searching, pastebins, etc., and these are basically structured queries that Michael Bazzell has written and is sharing for use.

To wrap things up, I want to bring a little bit of awareness to, one moment. Okay, let me do this just to make it easy. There you go. So I want to bring some awareness to a project that I'm working on. It's in cooperation with Peerlyst. It's called Through the Hacking Glass. It's a mentorship thing where you will either act as a mentor or a mentee, and we will build things to allow you to learn things that you won't get from academics or certifications. I gave a presentation at noon on it. For more information, there's the resources. I've got a mailing list for it set up. You can find a link to that on any of the Peerlyst posts about it that I've made, or on the Facebook page, which is facebook.com/hackingglass. So that's one place to go. If you want to contact me, here's how I can be contacted, pretty simply. Future speaking engagements: I'm pretty busy for the year, and that's only until June, that doesn't include Vegas. Aside from that, any questions? Awesome. That one, baby.

How to generate an electronic signature for the Tn 304 Form online

An all-encompassing solution for signing the Tn 304 Form is something any business can benefit from. CocoSign has found a way to develop an easy, low-cost, and secure online software that you can use.

As long as you have your device and an efficient internet connection, you will have no problem e-signing documents. These are the simple tips you need to follow to sign the Tn 304 Form:

  1. Discover the document you need to sign on your device and click 'Upload'.
  2. Select 'My signature'.
  3. There are three ways to generate your signature: you can draw it, type it, or upload it. Choose the one that you find most acceptable.
  4. Once you have generated the signature, click 'Ok'.
  5. Finish by selecting 'Done'.

Then you just need to sign your document and have it ready to be sent. The next step is up to you. You can send the form in an email. CocoSign makes all the aspects of signing an electronic document easy and beneficial.

You get many features like 'Add fields,' 'Merge documents,' 'Invite to sign,' and a few others, all meant to make it user-friendly and comprehensive.

The best thing about CocoSign is that it functions on all the devices you utilize, so you can depend on it and can sign electronic documents irrespective of the device you are utilizing.

How to create an electronic signature for the Tn 304 Form in Chrome

Chrome is probably the most welcome browser recently, and it's no wonder. It has all the features, integrations and extensions you can demand. It's extremely useful to have all the tools you use available, due to the browser extensions.

Hence, CocoSign has partnered with Chrome, so you can just go to the Web Store to get the extension. Then, you can sign your form directly in the browser. These are a few simple tips to lead you through the signing process:

  1. Discover the link to the document that needs to be signed, and select 'Open in CocoSign'.
  2. Use your registered account to log in.
  3. Discover the link to the document that needs to be signed, and select 'Open in CocoSign'.
  4. Direct to 'My signature' and generate your designed signature.
  5. Find the right position on the page, add the signature, and select 'Done'.

After following the above guide, you can either save the document or share it to as many recipients as you need.

You will find that CocoSign has made efforts to make your Chrome signing experience as pleasant and unworried as possible, by adding a wide range of handy features, like merging PDF files, adding multiple signers, and so on.

How to create an electronic signature for the Tn 304 Form in Gmail?

Email is the major way to send documents recently, and going paperless has a lot of advantages, speed being the main one. You can sign a document and have your partner receive it immediately.

Your email recipient is one click away. This simple process can be applied to any document that needs a signature: contracts, tax forms, and all kinds of agreements or declarations.

The great thing about CocoSign is that it helps you sign electronically the Tn 304 Form in your Gmail, without having any other devices involved. You can do that using the CocoSign Chrome extension. There are only five simple tips you need to follow to sign your form right in your Gmail account:

  1. Find the CocoSign extension in the Chrome Web Store, and download it to your browser.
  2. Log into your Gmail account.
  3. Direct to the Inbox and find the email containing the paper you need to sign.
  4. On the sidebar, you will find the button 'Sign'; click it and generate your personalized e-signature.
  5. Once you select 'Done,' the signature will be completed, and the signed document will be automatically saved in a draft email generated by the CocoSign software.

Saving time was the primary concern behind the efforts made by CocoSign to develop a secure and safe software that can allow you to waive signing docs with pen.

Once you try the software, you will immediately become one of the many satisfied clients who are enjoying the advantages of e-signing their documents right from their Gmail account.

How to create an e-signature for the Tn 304 Form straight from your smartphone?

Smartphones and tablets are so evolved recently that you can use them for anything you can do on your laptop and PC. That's why more and more people are finishing work tasks from these mobile devices, saving even more time.

It's also a huge benefit when working from home. As long as your internet connection is stable, you can conduct your business from anywhere.

When you need to sign a Tn 304 Form and you're not in the office, the CocoSign web application is the answer. Signing and sending a legally binding document will take seconds. Here is what you need to do to sign a document on your phone online:

  1. Use your browser to go to CocoSign and log in. If you don't already have an account, you need to register.
  2. Discover the document that needs to be signed on the device and open it.
  3. Open the document and go to the page to insert your esignature.
  4. Select 'My Signature'.
  5. Create your designed signature, then download it on the page.
  6. Once you are done, go over it again and select 'Done'.

All these tips won't take long, and once the document is signed, you decide the next step. You can either download it to the device or share it in an email or using a link.

A significant benefit of CocoSign is that you can use it with any mobile device, regardless of the operating system. It's the ideal method: it saves cost and it's safe.

How to create an e-signature for the Tn 304 Form on iOS?

Creating an electronic signature on an iPhone is not at all hard. You can sign the Tn 304 Form on your iPhone or iPad, using a PDF file. You will find the application CocoSign has created especially for iOS users. Just go to search CocoSign.

These are the tips you need to sign the form right from your iPhone or iPad:

  1. Download the CocoSign app on your iOS device.
  2. Use your email to generate an account, or sign in with Google or Facebook.
  3. Discover the PDF that needs to be signed on the iPhone or pull it from the cloud.
  4. Discover the place where you want to add the signature; select 'Insert initials' and 'Insert signature'.
  5. Put down your initials or signature, place them correctly, and save changes to the document.

Once finished, the document is ready for the next step. You can download it to your iPhone and send it by email. As long as you have an efficient internet connection, you can sign and send documents instantly.

How to create an electronic signature for the Tn 304 Form on Android?

iOS has lots of users, there's no doubt of that, but most phone users have an Android operating system. To fulfill their needs, CocoSign has developed the software especially for Android users.

You can get the app on Play Market, install it, and you can start signing documents. These are the tips to sign a form on your Android device:

  1. If you already have a CocoSign account, sign in. If you don't have one yet, you can sign in using Google or Facebook.
  2. Select '+' to open the document you want to sign, from cloud storage or using your camera.
  3. Discover the place where the signature must be placed and then use the popup window to write your signature.
  4. Insert it on the page, confirm, and save the changes.
  5. The final step is to save the signed document.

To send the signed form, just attach it to an email, and it will reach your clients instantly. CocoSign is the best way to sign many forms every day, all at a low price. It's time to forget all about physical signatures and keep it all electronic.

Tn 304 Form FAQs

Check the common queries below about the Tn 304 Form. Contact us directly if you still have other queries.

As a Canadian working in the US on a TN-1 visa should I fill out the IRS Form W-8BEN or W9?

Use the W-9. The W-8BEN is used for cases where you are not working in the U.S., but receiving income relating to a U.S. Corporation, Trust or Partnership.

Does a NAFTA TN Management consultant in the U.S. still need to fill out an i-9 form even though they are an independent contractor?

Yes. You must still prove work authorization even though you are a contractor. You will fill out the I9 and indicate that you are an alien authorized to work, and provide the relevant details of your TN visa in support of your application. Hope this helps.

How can I fill out Google's intern host matching form to optimize my chances of receiving a match?

I was selected for a summer internship 2016. I tried to be very open while filling the preference form: I chose many products as my favorite products and I said I'm open about the team I want to join. I even was very open in the location and start date to get host matching interviews (I negotiated the start date in the interview until both me and my host were happy.) You could ask your recruiter to review your form (they are very cool and could help you a lot since they have a bigger experience). Do a search on the potential team. Before the interviews, try to find smart questions that you are

How do I fill out the form of DU CIC? I couldn't find the link to fill out the form.

Just register on the admission portal and during registration you will get an option for the entrance based course. Just register there. There is no separate form for DU CIC.

Do military members have to pay any fee for leave or fiancee forms?

First off there are no fees for leaves or requests for leave in any branch of the United States military. Second there is no such thing as a fiancée form in the U.S. military. There is however a form for applying for a fiancée visa (K-1 Visa) that is available from the Immigration and Customs Service (Fiancé(e) Visas) which would be processed by the U.S. State Department at a U.S. Consulate or Embassy overseas. However these fiancée visas are for foreigners wishing to enter the United States for the purpose of marriage and are valid for 90 days. They have nothing to do with the military and are

How do you know if you need to fill out a 1099 form?

It can also be that he used the wrong form and will still be deducting taxes as he should be. Using the wrong form and doing the right thing isn't exactly a federal offense.
