Social Engineering - Paiet/SEC-335 GitHub Wiki
- Motivation techniques
- Authority
- Scarcity
- Social proof
- Urgency
- Likeness
- Fear
- Shoulder surfing
- USB key drop
- Phishing
- Phishing
- Using guile and deception through electronic communications to obtain sensitive info
- Text Messages
- Fake Websites
- DEMO: SEToolkit fake Facebook login
- Phone/VoIP
- Spear phishing
- Target specific groups/users
- Targeted for various reasons
- Whaling
- Targeting of high-level officials
- C-level officers
- Attack tone and language are more official/executive
- Customer feedback
- Business authority
- Legal document
- Subpoena
- Executive issue
- SMS phishing
- Voice phishing
Social Engineering Pt.2
Elicitation
- Collecting data FROM humans vs ABOUT humans
- Insider information about systems
- Business Email Compromise (BEC)
- Attacker pretends to be an executive
- Attacker compromises executive's email account
- Attacker sends fake email to Finance requesting funds
- Wire transfer
- Finance complies (request seems legit)
- DEMO: Spoof email request for funds (SMTP session: the envelope sender is set in MAIL FROM, the displayed sender in the From: header inside DATA)

```text
EHLO
MAIL FROM:<spoofed sender>
RCPT TO:<victim email addr>
DATA
Subject:
From:
```
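A defender-side counterpart to the spoofing demo, added here as an example (not part of the SEC-335 wiki): it inspects the headers the receiving mail server sees and flags the indicators that separate a forged BEC funds request from a legitimate message. The executive directory, the domains and the sample message are constructed.

```python
from email import message_from_string
from email.utils import parseaddr

# Constructed: executives commonly impersonated by display name -> their real domain.
EXECUTIVES = {"jane doe": "example.com"}
URGENT_TERMS = ("wire", "transfer", "urgent", "funds", "invoice")


def domain_of(addr):
    """Lower-cased domain of an address header value, '' if absent."""
    return parseaddr(addr or "")[1].rpartition("@")[2].lower()


def bec_indicators(raw):
    """Return spoofing indicators found in one raw RFC 5322 message."""
    msg = message_from_string(raw)
    found = []
    name, from_addr = parseaddr(msg.get("From", ""))
    from_dom = from_addr.rpartition("@")[2].lower()
    # Envelope sender (Return-Path, recorded from MAIL FROM) vs. header From.
    rp_dom = domain_of(msg.get("Return-Path", ""))
    if rp_dom and rp_dom != from_dom:
        found.append(f"return-path domain {rp_dom} != from domain {from_dom}")
    # Reply-To steering replies to a different domain.
    reply_dom = domain_of(msg.get("Reply-To", ""))
    if reply_dom and reply_dom != from_dom:
        found.append(f"reply-to domain {reply_dom} != from domain {from_dom}")
    # Known executive's display name on an address outside their domain.
    expected = EXECUTIVES.get(name.strip().lower())
    if expected and from_dom != expected:
        found.append(f"display name '{name}' with unexpected domain {from_dom}")
    # SPF verdict stamped by the receiving MTA in Authentication-Results.
    auth = msg.get("Authentication-Results", "").lower()
    if auth and "spf=pass" not in auth:
        found.append("spf did not pass")
    # Payment/urgency pressure in the subject (the motivation techniques above).
    subject = msg.get("Subject", "").lower()
    if any(t in subject for t in URGENT_TERMS):
        found.append("payment/urgency wording in subject")
    return found


# Constructed sample: a message Finance might receive from such a session.
SAMPLE = """\
Return-Path: <mailer@attacker.invalid>
Authentication-Results: mx.example.com; spf=fail smtp.mailfrom=attacker.invalid
From: Jane Doe <jane.doe@examp1e.com>
Reply-To: jane.doe@attacker.invalid
Subject: URGENT wire transfer needed today

Please process the wire before close of business.
"""
```

Running `bec_indicators(SAMPLE)` returns five indicators for the constructed message; a message that passes SPF, has matching envelope and header domains and no Reply-To returns an empty list.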
Interrogation
Impersonation
- Pretending to be an authority
- Helpdesk/IT
- Use that disguise to get the target to perform a task or give up information
- Change your password to XXXXXX
- Need to check your account for errors. What's your pass?