RECONNAISSANCE AND
SOCIAL ENGINEERING
PRESENTED BY:-
VARUNJEET SINGH REKHI(158/15)
CSE 6th SEM
 Reconnaissance is the process of collecting information
about a particular target using both physical and
technical methods.
 The most important principle followed by hackers in
reconnaissance is that any kind of information is
highly valuable.
 Reconnaissance methods include both legal and illegal
activities. For example, collecting information from
websites is a legal activity. However, collecting
confidential information using social engineering and
physical methods is an illegal activity.
While collecting information, hackers cannot predict the use of
that information. For example, consider the information about
the e-mail address of a system administrator. You might consider
this information to be of no importance in any hacking activity.
However, hackers can use this e-mail address for e-mail
spamming.
 The publicly available information includes:
• Names of organizations and individuals.
• Country names
• Home and office address
• Phone numbers
• Domain names
• Operating system
• Internet service providers
 Confidential information includes:
• User passwords
• Company policy manuals
• Business strategies
 Now there are two types of reconnaissance:
1. Active reconnaissance
2. Passive reconnaissance
 In active reconnaissance, the hacker directly interacts with the
computer system to gain information. This information
can be relevant and accurate. But there is a risk of
getting detected if the hacker is planning active
reconnaissance without permission. If detected, the
system admin can take severe action against the intruder
and trail subsequent activities.
 The attacker often uses port scanning, for example, to
discover any vulnerable ports. After a port scan, an
attacker usually exploits known vulnerabilities of
services associated with open ports that were detected.
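The detection risk noted above, seen from the defender's side, as an added example that is not part of the original slides: a Python sketch that flags any source touching many distinct ports on one host within a short window. The log format, addresses, window and threshold are constructed assumptions.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta


def build_sample_log():
    """Constructed connection log: '<ISO time> <src> <dst> <dst_port> <action>'."""
    base = datetime(2024, 5, 1, 10, 0, 0)
    lines = []
    # Source A: 12 different ports on one host in 12 seconds (scan-like).
    for i, port in enumerate([21, 22, 23, 25, 53, 80, 110, 135, 139, 143, 443, 445]):
        ts = base + timedelta(seconds=i)
        lines.append(f"{ts.isoformat()} 203.0.113.7 192.0.2.10 {port} DENY")
    # Source B: an ordinary client that only ever talks to port 443.
    for i in range(20):
        ts = base + timedelta(seconds=2 * i)
        lines.append(f"{ts.isoformat()} 198.51.100.20 192.0.2.10 443 ALLOW")
    # Source C: 12 different ports, but only one every ten minutes.
    for i, port in enumerate(range(8000, 8012)):
        ts = base + timedelta(minutes=10 * i)
        lines.append(f"{ts.isoformat()} 198.51.100.99 192.0.2.10 {port} DENY")
    return "\n".join(sorted(lines))  # ISO timestamps sort chronologically


def detect_port_scans(log_text, window_seconds=60, port_threshold=10):
    """Return {(src, dst): sorted ports} for every source that touched at
    least `port_threshold` distinct ports on one destination inside a
    sliding window of `window_seconds`."""
    window = timedelta(seconds=window_seconds)
    recent = defaultdict(deque)  # (src, dst) -> deque of (timestamp, port)
    flagged = {}
    for line in log_text.splitlines():
        line = line.strip()
        if not line:
            continue
        ts_text, src, dst, port_text, _action = line.split()
        ts, port = datetime.fromisoformat(ts_text), int(port_text)
        events = recent[(src, dst)]
        events.append((ts, port))
        # Drop events that have fallen out of the sliding window.
        while events and ts - events[0][0] > window:
            events.popleft()
        ports_in_window = {p for _, p in events}
        if len(ports_in_window) >= port_threshold:
            flagged.setdefault((src, dst), set()).update(ports_in_window)
    return {pair: sorted(ports) for pair, ports in flagged.items()}


if __name__ == "__main__":
    for (src, dst), ports in detect_port_scans(build_sample_log()).items():
        print(f"possible port scan: {src} -> {dst}, {len(ports)} ports: {ports}")
```

The window and threshold are tuning choices: with the default 60-second window only source A is reported, while a two-hour window also reports source C.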
In passive reconnaissance, you will not be directly connected to a
computer system. This process is used to gather
essential information without ever interacting with the
target systems.
 Methods of passive reconnaissance include:
• War driving to detect vulnerable wireless networks.
• Looking for information stored on discarded computers
and other devices.
• Masquerading as an authorized network user.
 Social engineering is the art of manipulating users of a
computing system into revealing confidential
information that can be used to gain unauthorized
access to a computer system. The term can also include
activities such as exploiting human kindness, greed,
and curiosity to gain access to restricted-access
buildings or getting users to install backdoor
software.
 Social engineering is an attack that relies heavily on
human interaction and often involves tricking people
into breaking normal security procedures.
 To access information about a person, a social engineer
must gain the trust of that person.
 To gain trust, social engineers must use different social
engineering techniques.
 The different social engineering techniques are:
• Impersonation
• Bribery
• Deception
• Conformity
• Reverse social engineering
 Impersonation is the technique of collecting
information by acting as a legitimate user or authorized
employee.
 Impersonation is an extremely successful social
engineering method.
 Hackers might use this general belief to cheat people.
 While impersonating, a social engineer typically works
in one of the following ways:
• Before impersonation, the social engineer performs some
basic research about the target in order to avoid any
suspicion.
• A social engineer might approach a user as a system
administrator or an IT support executive and ask for
their passwords.
• A social engineer might make a phone call to a
helpdesk and ask for information by using the name of
a legitimate user.
 Bribery is a traditional way of collecting information by
manipulating personal greed.
 Social engineers use bribery to collect information about
their targets.
 A social engineer conducts extensive research to find out
possible target users.
 In this technique, social engineers aim at the following
types of employees of the target organization:
• Workers who do not have long-term interests with the
organization.
• Employees who are dissatisfied with the organization.
• Employees who are facing financial difficulties.
 Deception is similar to impersonation.
 In deception, a social engineer tries to join the target
organization as an employee or a consultant and
collects information.
 Least used method.
 Conformity is a social engineering technique in which a
hacker convinces a victim that there is no harm in
providing information.
 The key point in this technique is the ability of a hacker
to gain the trust of the target user.
 The hacker must project himself or herself as the right
person to whom the target user can disclose any
confidential information.
 Reverse social engineering is the technique of projecting a
hacker as an authority to whom people can give confidential
information for solving their problems.
 Reverse social engineering requires a lot of effort in terms of
research and planning.
 A hacker conducts reverse social engineering in the
following manner:
STEP 1-
• The hacker creates a problem in the target system by
attacking their network.
• For example, the hacker can conduct a denial-of-service
attack to shut down the critical servers of the target network.
STEP 2-
• The hacker advertises that he or she can solve the
problem in the target network.
• This advertisement might prompt the users of the target
system to approach the hacker for solving the problem.
• For example, a hacker can introduce himself or herself as a security
consultant who can restore and secure the services of
the affected system.
STEP 3-
• When the users of the target network trust the hacker,
they request him or her to solve the problem.
• This helps the hacker to obtain access to the target
system.
• While solving the problem, the hacker tries to collect
the required information.
• The hacker does not collect all the information from
a single user in order to avoid any suspicion.
 Different communication media used by social
engineers are-
• Telephone
• Internet
• E-mail
• Snail mail
 Telephones are the cheapest and easiest way to contact
people.
 Social engineers avoid cordless telephones because of
disturbing voices.
 A particular location is identified where the background
voices resemble an office atmosphere.
 Most social engineers use female voices when calling the
target user.
 Generally people tend to trust women easily as compared to
men, so social engineers use female voices to make use of this
human tendency.
 Social engineers call multiple users and gather a little bit of
information from each of them.
 Social engineers use websites on the internet to collect
information.
 Social engineers create websites that allow users to
participate in online competitions and games.
 These websites ask users to create an account.
 To create an account users must provide essential
information such as username, password, etc.
 Social engineers use that information for hacking
purposes.
 Social engineers use e-mail for two purposes.
 The first purpose is to send e-mail messages by using
legitimate e-mail accounts.
 For example, a social engineer might use e-mail spamming
techniques to send e-mail messages to the users of an
organization from the e-mail address of the system
administrator.
 In such e-mail messages, the social engineer might ask the
receivers to send their passwords for correcting problems in
their user accounts.
 The second purpose is to send messages for joining online
competitions for getting prizes.
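The spoofed administrator e-mail described above, checked from the recipient's side, as an added example that is not part of the original slides: a Python sketch that reviews a message for failed sender authentication, a reply address outside the sender's domain, and a request for a password. The sample messages, domains and keyword pattern are constructed assumptions.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Constructed sample messages; example.org and example.net are reserved domains.
SPOOFED = """\
Authentication-Results: mx.example.org; spf=fail smtp.mailfrom=example.net; dkim=none; dmarc=fail header.from=example.org
From: "System Administrator" <admin@example.org>
Reply-To: it-support@example.net
To: user@example.org
Subject: Problem with your account

There is a problem with your user account. Please reply with your password so we can correct it.
"""

GENUINE = """\
Authentication-Results: mx.example.org; spf=pass smtp.mailfrom=example.org; dkim=pass header.d=example.org; dmarc=pass header.from=example.org
From: "System Administrator" <admin@example.org>
To: user@example.org
Subject: Maintenance window

Scheduled maintenance tonight. IT will never ask for your password by e-mail.
"""

# Assumed wording of a credential request; extend for your own environment.
PASSWORD_REQUEST = re.compile(
    r"\b(send|reply with|provide|confirm|enter)\b[^.]{0,60}\bpassword"
)


def domain_of(header_value):
    """Lower-cased domain of the address in a From/Reply-To header, or ''."""
    address = parseaddr(header_value or "")[1]
    return address.rpartition("@")[2].lower()


def body_text(msg):
    """Concatenate all text/plain parts of the message."""
    parts = []
    for part in msg.walk():
        if part.get_content_type() == "text/plain":
            payload = part.get_payload(decode=True) or b""
            parts.append(payload.decode("utf-8", errors="replace"))
    return "\n".join(parts)


def review_message(raw):
    """Return a list of reasons to distrust the message (empty if none)."""
    msg = message_from_string(raw)
    findings = []
    # Authentication-Results is only meaningful when stamped by your own
    # receiving mail server; copies arriving from outside must be stripped.
    auth = (msg.get("Authentication-Results") or "").lower()
    for mechanism, result in re.findall(r"\b(spf|dkim|dmarc)=(\w+)", auth):
        if result in ("fail", "softfail"):
            findings.append(f"{mechanism}={result}")
    from_dom = domain_of(msg.get("From"))
    reply_dom = domain_of(msg.get("Reply-To"))
    if reply_dom and reply_dom != from_dom:
        findings.append(
            f"reply-to domain {reply_dom} differs from From domain {from_dom}"
        )
    if PASSWORD_REQUEST.search(body_text(msg).lower()):
        findings.append("body asks for a password")
    return findings


if __name__ == "__main__":
    for name, raw in (("spoofed", SPOOFED), ("genuine", GENUINE)):
        print(name, review_message(raw))
```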
 Physical intrusion is the traditional technique of social
engineering.
 In this technique, social engineers physically enter the
premises of an organization to collect information.
 Social engineers can use physical intrusion along with all other
techniques of social engineering.
 Before performing physical intrusion a social engineer must
collect some basic information such as:
• Information about physical security structure.
• Functioning of the organization.
• Creating fake identification details and range of valid PIN
numbers.
 The final step of physical intrusion is to collect
information which includes:-
• Looking around the workstation for some relevant
information such as documents.
• Getting passwords from the computer.
• Installing key logger programs to extract all keystrokes
made by the user.
• Watching users to find out information while they type
passwords.
• Approaching users by pretending to be an IT expert.
 Do not provide any information to unknown people.
 Do not disclose any confidential information to anybody on
the telephone.
 Do not type passwords in front of unknown people.
 Do not submit information to any unsecure website.
 Do not use the same username and password for all accounts.
 Verify the credentials of persons asking for information.
 Keep confidential documents locked.
 Lock the computers when away from the workstation.
 Instruct helpdesk employees to provide information with
proper authentication.
