Social Engineering by Shobhit Gautam @ null Mumbai Meet, September 2011
Social Engineering (Because there is no patch for human stupidity)
By: Shobhit Gautam
Twitter: @sh0bhit105
What Is Social Engineering?
The art of manipulating people and getting them to do what you want.
“Social Engineering - A euphemism for non-technical or low-technology means - such as lies, impersonation, tricks, bribes, blackmail, and threat - used to attack information systems.”
"Social engineering" as an act of psychological manipulation was popularized by hacker-turned-consultant Kevin Mitnick.
Common Types of Social Engineering
Human-based
Computer-based
Personality Traits
Diffusion of responsibility
Chance for ingratiation
Trust relationship
Moral duty
Guilt
Identification
Desire to be Helpful
Cooperation
Techniques for persuasion
A Direct Route
Systematic and logical statement
A Peripheral Route
Beat around the bush
Trigger strong emotions such as fear and excitement.
Human Based methods
Impersonating
Intimidation
Creating confusion
May I help you?
Can you help me?
Building Trust
Ask and it shall be given unto you; seek and ye shall find.
Dumpster Diving
Computer Based
Popup Windows
Mail attachments
Spam, Chain Letters and Hoaxes
Phishing Websites
USB devices
Key loggers
Social Engineering Toolkit
The Social Engineering Toolkit (SET) is a Python-driven suite of custom tools that focuses solely on attacking the human element of penetration testing.
SET was written by David Kennedy (ReL1K), and with a lot of help from the community it has incorporated attacks never before seen in an exploitation toolset.
Its main purpose is to augment and simulate social-engineering attacks and allow the tester to effectively test how a targeted attack may succeed.
./set
How to Identify A Social Engineer?
Does not provide contact information
Always asks for forbidden information
Rushing Activities
Name-dropping
Intimidation
Watch for small mistakes
Mitigation
Shredders
Policies and Procedures
Awareness
Up-to-date patches and antivirus/anti-malware software
NOW