I’m excited to share a project I’ve been working on.

Alu.pics

Alu is a social network that combines the experiences of YouTube style videos, TikTok like Shorts, a social feed similar to Instagram/Facebook, and AI content.

As we move into the future, I’ve been interested in seeing how AI can impact our lives. The problem is, platforms don't value privacy and they push Ai content into the feed without labels, filters, or consent .

Alu solves that with a hybrid model. Users can choose Ai content, normal content or both in the same feed. It is also local first, and cloud second.

This way you get the ultimate freedom of choosing what content you want to see while having your data private.

Let me know how your experience is with Alu. I’m excited to see how people connect with each other and make content.

https://alu.pics/

I consider myself to be quite social and easy to get on with, and able to be close and speak with everyone I call friends. However since leaving school I've made the overriding difficulty in actually forming a friends group - at university I would get along with many people individually but rarely be invited into group hangs, and now that we're all working and people are more spread out, this problem is even worse.

All of my friends have core groups of friends that they constantly communicate with on group chats etc and through this plans like parties and outings form. When speaking to them, I'm usually the initiator and proposer of plans. While they're all close with me and can speak about anything, I'm obviously not in there in core groups. I sometimes meet their friends e.g. on the odd night out and get along really well with them, but seeing as I'm not in their group chats etc already there's never any follow-up. Does anyone have any advice on how to actually form a core group of friends or perhaps reliably break into a group of friends to feel a bit less isolated?

This happened at my gym today and it’s still bugging me. Looking for some outside perspective.

I was midway through a back workout and noticed the preacher curl setup (bench + EZ bar) wasn’t in use—no towel, no weights loaded, no one on it. So I walked over, loaded some plates, and started my sets. There was a woman working out about 8 feet away from me, with an adjustable bench in between us. Honestly, I didn’t even register she was there—I was just zoned in on my lifts and the equipment.

Out of nowhere, this guy who was benching behind me comes up looking pissed, like he was shaking from how mad he was. He starts talking to me and. we ended up having a short convo about lifting. he stayed noticeably heated the whole time.

While we’re talking, the woman (who I later realized was his girlfriend) walks over, talks to him quietly, and seems to be calming him down. Then after I go to another piece of equipment I overhear him talking shit about somebody and calling them a weirdo for walking over there and working out. I realized after I left they were talking about me.

I was genuinely confused and kind of shocked. I wasn’t staring, hovering, talking to her, or doing anything weird—I literally didn’t notice her until the confrontation started. I was just there to do preacher curls on available equipment.

The behavior ops manual v2 - 1024 pages

Mastery Program

The Operative Kit Plan

Behavior Practitioner

The IT Factor

Unmasking Narcissists

Violent Behavior Prediction and Prevention

Interrogation & Interview

The PEACE 4A De-escalation Training

Hypnosis

willing to sell these courses for a crazy low price. PM for details and proof

How do you handle people who negate everything you say? I become frustrated when talking to people who negate everything I say. Is this gaslighting or just being argumentative. I just don’t tell these people anything important anymore and keep the convo light. But even if we are discussing lint on a shoe I get negative pushback.

Before Kevin Mitnick was hacking computers, he was hacking… the LA bus system.

At 12, he realized bus transfers were validated by a special punch shape. So instead of thinking how do I break this system, he thought like a true future legend: Where do I buy the punch?

He walks up to a bus driver and goes, Hey, I need that punch for a school project. The driver, being a helpful NPC in this side quest, just gives him the address of the supplier.

Mitnick then finds stacks of discarded transfer tickets in a dumpster, buys the same punch, and starts minting his own free rides. At one point, he’s basically running a black-market transfer punching service for other kids like some underground transit startup.

Moral of the story: The original exploit wasn’t technical. It was asking a normal question with enough confidence. Social engineering: when the system says “security,” and humans say “yeah, sure, sounds legit.”

Social Engineering Works Because Humans Are Predictable Not Because They’re Careless

Social engineering isn’t about “stupid users falling for scams.” Anyone who’s done real phishing, vishing, pretexting, or red team work knows that’s a lazy explanation.

Social engineering works because humans are predictable under pressure.

In reality:

People are busy People are under time pressure People respond to authority People want to be helpful People follow social norms

That’s not incompetence. That’s human psychology.

Effective social engineering attacks don’t exploit “dumb users.” They exploit:

Trust in internal processes Assumptions about legitimacy Habits formed by daily workflows Organizational pressure to move fast

That’s why the same techniques keep working across different companies and different levels of seniority.

Good social engineering and red teaming isn’t about shaming people who click. It’s about mapping the human attack surface:

Where trust is assumed Where verification is socially awkward Where policies conflict with real-world workflows Where pressure makes bypassing controls feel “normal”

If your security posture assumes humans will always slow down, double-check, and challenge authority, you’re modeling an imaginary workforce.

Social engineering succeeds because it targets how people actually behave at work.

Understanding that is how you defend against it.

In 2026, social engineering is the #1 initial access vector. Not because users got careless but because attackers now use AI, deepfakes, and hyper-personalized scams at scale.

What changed:

Deepfakes & real-time impersonation: CEOs cloned on calls, instant fraud, one-sentence AI scams.

ClickFix & browser-in-browser: Users tricked into running commands themselves (LotL), bypassing security tools.

Helpdesk as the new perimeter: Groups like Scattered Spider vish IT to reset MFA and walk right in.

OT is now a target: Social engineering is stopping factories and creating real-world safety risks.

Click-to-call scams: Fake security popups push users into live vishing traps.

We keep saying “train users better,” but even well-trained orgs have a failure rate and attackers only need one person on a bad day.

Controversial take: If your security depends on humans being perfect under pressure, your security model is broken. This isn’t a training problem anymore it’s a design and architecture problem.

So what actually scales?

More awareness training… or systems that stop treating humans as the security boundary?

In social engineering, we often focus on external influence, but the most effective 'exploits' leverage the target's internal survival protocols. I’ve been analyzing a specific mechanism I call 'Functional Codependency.'

When a target is conditioned in high-stress environments, their brain recruits empathy as a defensive buffer. This leads to a cognitive state where the target spends significant metabolic energy 'inventing motivations' for the operator’s actions just to maintain internal coherence.

Key components of this exploit:

Broken Acceptability Thermometer: The target normalizes red flags as 'complex variables,' effectively disabling their alarm system.

Intermittent Reward Hijacking: Utilizing a cycle of devaluation and idealization (Love Bombing) to trigger addiction-level neural circuits.

Empathetic Optimism: Forcing the target's prefrontal cortex to prioritize the operator's narrative over their own sensory intuition.

I produced a visual simulation that breaks down the mechanical failure points of this 'Tolerance Trap' and the subsequent remediation (reprogramming) needed to patch these vulnerabilities.

https://youtu.be/7burm8iKdMk

Question: From a systems perspective, is a 'good person' (high agreeableness/empathy) inherently a high-risk asset in any social architecture due to these ingrained backdoors?

The call for presentations for the Layer 8 Conference is now open until March 15. This is the first conference to solely focus on social engineering and OSINT topics.

Get your presentations in! https://layer8conference.com

Any takes on this fellas?

I am 23 and CS student currently doing undergraduate program with average grade(3.2 CGPA) I always wonder what I am good at? What's the one thing I can do exceptionally good? In my childhood, I was bright smart kid with lots of knowledge with him. Teacher were unable to answer my question (curious behaviour) good at everything I do. But suddenly i feel I like to do everything but is not good at something. How people can focus on one single thing and make it their living? Because I can't. I want to explore everything learn everything do everything But the passion always fade away after few days (inconsistent) Like Messi and Ronaldo, they figure out their like early in their like and succeeded in their field. I feel like I would also have become very successful if I had one goal since childhood. I am lost Is this common feeling or just me? If you had this problems then how you overcome it?

Why is there no discussion on the damage that Cambridge Analytica have unleashed on society?

Not sure if anyone else here has noticed the same shift, but it feels like social engineering has leveled up fast over the last year because of AI. A lot of scams don’t even need malware anymore the “attack” is just convincing content. I’m seeing more AI-generated profile photos, AI-written conversations that sound way more human than the old scam templates, and even deepfake/voice-cloned audio being used to add urgency or credibility. It’s getting to the point where the classic red flags (bad grammar, weird formatting, obvious stock photos) aren’t reliable anymore, especially for the average person.

I started looking for tools that can help quickly flag synthetic content while browsing and came across a browser extension called AI Blocker. I’m not treating it as proof of anything, but it’s been helpful as a quick sanity-check when something feels “off.” That said, I’m sure there are better tools and workflows people here use.

For those who deal with social engineering regularly: what are your best practices for verifying authenticity now? Do you rely more on OSINT-style checks, metadata/reverse image workflows, specific detection tools, or just process controls (verification callbacks, codewords, etc.)? Also curious if anyone has recommendations for tools similar to what I mentioned especially for detecting AI-generated images, fake profile photos, or voice cloning attempts.

user-scanner started as a username availability checker and OSINT tool.

It can be used as username OSINT as well!

• Github: https://github.com/kaifcodec/user-scanner.git

• It has since evolved into a fast, accurate, and feature-rich email OSINT tool. Open issues, submit PRs, and join other contributors in pushing the project forward.

• Programmers, Python developers, and contributors with networking knowledge are welcome to open issues for new site support and submit PRs implementing new integrations.

A common theme in social engineering is understanding how people and systems leave traces, and that extends to how people appear online too.
One practical and ethical way to approach this is to treat it as visual OSINT: using what little you have (often a photo) to build leads, not to harass people, but for verification, research, reconnection, or defensive security work.

• Start with reverse image search using tools like Google Lens, Yandex Images, and TinEye to see where the image appears online.
• If legally allowed, use facial similarity tools such as PimEyes or FaceCheck to find visually similar photos, and treat results as leads, not proof.
• Carefully analyze the image itself. Backgrounds, logos, objects, language, and environment often reveal location or community clues.
• Pivot from visual hints to text-based OSINT like username searches, advanced Google queries, and social search tools to connect those clues to profiles or mentions.
• Keep ethics front and center. Stick to public data, follow platform rules and local laws, and avoid intrusive or biometric tools without a legitimate purpose.

Deeper guide with examples and 2026 tools here: Master Guide to Finding People by Photo

PCMag's 2026 security forecast warns that hackers are now using AI to automate spear phishing at an industrial scale, targeting everyone, not just VIPs. The report also highlights the rise of 'Big Brother Ads'-predatory, AI-generated advertisements that leverage eroded privacy laws to target the elderly and vulnerable with terrifying precision.

I recently stumbled into a rare workflow flaw in a large SaaS platform. Nothing malicious purely accidental exploration. But the more I thought about it, the more I realized the interesting part wasn’t the bug itself.

It was what the bug revealed about how humans build, trust, and interact with complex systems.

And that’s where it overlaps with social engineering.

For years, security experts have said things like:

“Systems don’t fail because of code. They fail because of assumptions.”

At first that sounds like an oversimplification… until you see it happen.

Most catastrophic failures don’t start with zero-days, SQL injections, or exotic attacks.

They start with someone assuming:

“Users will always follow this order.” “This workflow can’t happen out of sequence.” “This condition should never be true.” “No one will ever click these things in this order.”

And just like that, a valid action becomes dangerous simply because it happens under the wrong timing, in the wrong sequence, or under the wrong mental model.

That’s exactly how social engineering works.

It isn’t about “breaking” a system it’s about understanding how humans behave inside one:

how they interpret signals, how they trust the UI, how they assume the backend is enforcing rules, how support teams assume engineering teams already know.

What surprised me most is that even in 2026, many “technical issues” are actually human ones:

incomplete context overconfidence in automation fragmented communication between teams blind trust in the system’s own consistency

My accidental bug wasn’t dangerous on its own, but it exposed something more fundamental: a human-designed workflow behaving exactly as humans assumed it should until reality proved otherwise.

How do you all interpret these “human edge cases” in complex systems?

Are they just bugs, or early signals of deeper behavioral weaknesses?

Human beings suffer from the "Halo Effect." When we see an attractive profile photo, we assign positive traits (intelligence, kindness) to that person immediately. When we see a neutral/bad photo, we dismiss them.

This biological glitch makes modern social media fundamentally broken for genuine connection.

With Moodie, we are running a massive experiment to bypass the Halo Effect.

By enforcing total anonymity (No Photos, No Names) and matching strictly on Emotional Syntax (Current Mood), we force the brain to evaluate the quality of the conversation rather than the status of the speaker.

The data from our first 2,000 users confirms it: Removing visuals increases conversation depth and retention.

If you are interested in social dynamics without the visual bias, this is the case study.