Social Engineering Adversary

This adversary knows how to trick users and manipulate people. It is usually out of scope for most technical designs, but it is one of the most commonly found adversaries in the wild.


It has several methods of social engineering at its disposal, and the user is assumed to follow all displayed or messaged steps. It is familiar with the application logic and knows how to (ab)use features.


Usually the adversary is trying to gain information or get a foothold on the system where the application is executed.


It can perform any step a legitimate user of the application is privileged to do. The only limitation is the complexity of passing input to the executing user. Depending on the Input Control, it can trick the user into abusing parsing issues.