Social Engineering

Social Engineering (Because there is no patch for human stupidity)
By: Shobhit Gautam
Twitter @sh0bhit105

What Is Social Engineering?
The art of manipulating people and getting them to do what you want.
“Social Engineering - A euphemism for non-technical or low-technology means - such as lies, impersonation, tricks, bribes, blackmail, and threat - used to attack information systems.”
"Social engineering" as an act of psychological manipulation was popularized by hacker-turned-consultant Kevin Mitnick.

Common Types of Social Engineering
Human-based
Computer-based

Personality Traits
Diffusion of responsibility
Chance for ingratiation
Trust relationship
Moral duty
Guilt
Identification
Desire to be Helpful
Cooperation

Techniques for persuasion
A Direct Route
Systematic and logical statement
A Peripheral Route
Beat around the Bush
Trigger strong emotions such as fear and excitement.

Human Based methods
Impersonating
Intimidation
Creating confusion
May I help you?
Can you help me?
Building Trust
Ask and It shall be given unto you seek and ye shall find.
Dumpster Diving

Computer Based
Popup Windows
Mail attachments
Spam, Chain Letters and Hoaxes
Phishing Websites
USB devices
Key loggers

Social Engineering Toolkit
The Social Engineering Toolkit (SET) is a python-driven suite of custom tools which solely focuses on attacking the human element of penetration testing.
SET was written by David Kennedy (ReL1K) and with a lot of help from the community it has incorporated attacks never before seen in an exploitation toolset.
It’s main purpose is to augment and simulate social-engineering attacks and allow the tester to effectively test how a targeted attack may succeed.

How to Identify A Social Engineer?
Does not provide contact information
Always asks for forbidden information
Rushing Activities
Name-dropping
Intimidation
Observe for Small mistakes

Mitigation
Shredders
Policies and Procedures
Awareness
Updated patches and Anti Viruses/Malwares

Social Engineering

by n|u - The Open Security Community on Oct 04, 2011

Accessibility

Categories

Tags

Upload Details

Usage Rights

1 Embed 346

Statistics

Social Engineering — Presentation Transcript