Social Engineering
Upcoming SlideShare
Loading in...5
×
 

Social Engineering

on

  • 1,490 views

Social Engineering by Shobhit Gautam @ null Mumbai Meet, September 2011

Social Engineering by Shobhit Gautam @ null Mumbai Meet, September 2011

Statistics

Views

Total Views
1,490
Views on SlideShare
1,115
Embed Views
375

Actions

Likes
0
Downloads
29
Comments
0

1 Embed 375

http://null.co.in 375

Accessibility

Categories

Upload Details

Uploaded via as Microsoft PowerPoint

Usage Rights

© All Rights Reserved

Report content

Flagged as inappropriate Flag as inappropriate
Flag as inappropriate

Select your reason for flagging this presentation as inappropriate.

Cancel
  • Full Name Full Name Comment goes here.
    Are you sure you want to
    Your message goes here
    Processing…
Post Comment
Edit your comment

Social Engineering Social Engineering Presentation Transcript

  • Social Engineering (Because there is no patch for human stupidity)
    By: Shobhit Gautam
    Twitter @sh0bhit105
  • What Is Social Engineering?
    The art of manipulating people and getting them to do what you want.
    “Social Engineering - A euphemism for non-technical or low-technology means - such as lies, impersonation, tricks, bribes, blackmail, and threat - used to attack information systems.”
    "Social engineering" as an act of psychological manipulation was popularized by hacker-turned-consultant Kevin Mitnick.
  • Common Types of Social Engineering
    Human-based
    Computer-based
  • Personality Traits
    Diffusion of responsibility
    Chance for ingratiation
    Trust relationship
    Moral duty
    Guilt
    Identification
    Desire to be Helpful
    Cooperation
  • Techniques for persuasion
    A Direct Route
    Systematic and logical statement
    A Peripheral Route
    Beat around the Bush
    Trigger strong emotions such as fear and excitement.
  • Human Based methods
    Impersonating
    Intimidation
    Creating confusion
    May I help you?
    Can you help me?
    Building Trust
    Ask and It shall be given unto you seek and ye shall find.
    Dumpster Diving
  • Computer Based
    Popup Windows
    Mail attachments
    Spam, Chain Letters and Hoaxes
    Phishing Websites
    USB devices
    Key loggers
  • Social Engineering Toolkit
    The Social Engineering Toolkit (SET) is a python-driven suite of custom tools which solely focuses on attacking the human element of penetration testing.
    SET was written by David Kennedy (ReL1K) and with a lot of help from the community it has incorporated attacks never before seen in an exploitation toolset.
    It’s main purpose is to augment and simulate social-engineering attacks and allow the tester to effectively test how a targeted attack may succeed.
  • ./set
  • How to Identify A Social Engineer?
    Does not provide contact information
    Always asks for forbidden information
    Rushing Activities
    Name-dropping
    Intimidation
    Observe for Small mistakes
  • Mitigation
    Shredders
    Policies and Procedures
    Awareness
    Updated patches and Anti Viruses/Malwares
  • NOW