0.00 Class 5 Social Engineering - cloudsecuritylabs/ethicalhackingclass GitHub Wiki

Class 5: Social Engineering

  • Companies spend a lot of money on perimeter security.
  • Do they spend enough on employee training?
  • Weakest link?
  • Tactics, techniques, and procedures (TTPs)

TOOLS

  • Social-Engineer Toolkit (SET)
  • theHarvester
  • Ghost Phisher
  • Maltego
  • Recon-ng

Trace Labs OSINT VM

https://www.tracelabs.org/initiatives/osint-vm

LAWS and Ethical Social Engineering

  • A pen tester running a social engineering attack interacts with a real person, so extra care is needed.
  • Should you report the name of the specific employee who is the victim of your attack?
  • Spoofing phone numbers is illegal in TN!!
  • Can you record a call without consent from both parties? Two-party consent is required in states like California, Delaware, Florida, Maryland, etc.
  • While you are ethical hacking, can someone detect you and think you are a bad actor?

Pretexting

The act of impersonating someone.

Human elements

  • Influence
  • Manipulation
  • Rapport
  • Six Principles of persuasion:
  1. Authority
  2. Likability
  3. Urgency and Scarcity (this is interesting)
  4. Commitment and Consistency
  5. Social Proof
  6. Reciprocity

Sympathy vs Empathy

Empathy >> shared emotions or shared perspectives; sympathy >> expresses only how you feel

Radio Prankster

https://abcnews.go.com/International/royal-hoaxers-pulled-off-air-nurses-death/story?id=17903539

Pen testers Arrested?

People OSINT, Business OSINT

Recon-ng

OSINT

  • LinkedIn
  • Facebook
  • Geotagged Post
  • Job description
  • https://www.hunch.ly/
  • Pilfering SEC Forms - SEC Form 10-K >> company’s annual report.

People OSINT

NGROK

RTLO

The file displayed as ThisIsRTLOfileexe.doc is actually ThisIsRTLOfiledoc.exe, an executable file with a U+202E (right-to-left override) character placed just before “doc.”
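
A defensive check for the RTLO trick described above, as an added example that is not part of the original wiki page: it flags bidirectional control characters in a file name and reports the extension the operating system will actually act on. The sample names are constructed, the rendering is a simplification that handles a single U+202E, and the RISKY_EXTENSIONS list and verdict labels are assumptions.

```python
import unicodedata

# Unicode bidirectional controls that can change the order a name is displayed in.
BIDI_CONTROLS = set("\u202a\u202b\u202c\u202d\u202e\u2066\u2067\u2068\u2069\u200e\u200f")
# Assumed policy list of extensions that run code when opened on Windows.
RISKY_EXTENSIONS = {"exe", "scr", "com", "bat", "cmd", "js", "vbs", "ps1", "lnk"}


def extension(name):
    return name.rsplit(".", 1)[-1].lower() if "." in name else ""


def real_extension(name):
    """Extension from the stored character order, with invisible controls removed."""
    return extension("".join(ch for ch in name if ch not in BIDI_CONTROLS))


def displayed_name(name):
    """Simplified rendering: everything after one U+202E is drawn right to left."""
    head, sep, tail = name.partition("\u202e")
    return head + tail[::-1] if sep else name


def inspect_filename(name):
    controls = [f"U+{ord(c):04X} {unicodedata.name(c)}" for c in name if c in BIDI_CONTROLS]
    real = real_extension(name)
    if not controls:
        verdict = "ok"
    elif real in RISKY_EXTENSIONS:
        verdict = "block"      # hidden control character plus an executable type
    else:
        verdict = "review"     # control character present, type not on the list
    return {"controls": controls, "real_extension": real,
            "displayed_as": displayed_name(name), "verdict": verdict}


# Constructed samples. The first is stored as "...cod.exe" after the override,
# which is what makes it render as "ThisIsRTLOfileexe.doc".
SAMPLES = ["ThisIsRTLOfile\u202ecod.exe", "quarterly_report.doc", "notes\u200f.txt"]

if __name__ == "__main__":
    for sample in SAMPLES:
        print(ascii(sample), inspect_filename(sample))
```

Mail gateways and upload handlers can apply the same check to attachment names before a user ever sees the rendered form.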

SFX Tool