RECONNAISSANCE AND
SOCIAL ENGINEERING
PRESENTED BY:-
VARUNJEET SINGH REKHI(158/15)
CSE 6th SEM
➢ Reconnaissance is the process of collecting information
about a particular target using both physical and
technical methods.
➢ The most important principle followed by hackers in
reconnaissance is that any kind of information is
highly valuable.
➢ Reconnaissance methods include both legal and illegal
activities. For example, collecting information from
websites is a legal activity. However, collecting
confidential information using social engineering and
physical methods is an illegal activity.
While collecting information, hackers cannot predict the use of
that information. For example, consider the information about
the e-mail address of a system administrator. You might consider
this information to be of no importance in any hacking activity.
However, hackers can use this e-mail address for e-mail
spamming.
➢ The publicly available information includes:
• Names of organizations and individuals.
• Country names
• Home and office address
• Phone numbers
• Domain names
• Operating system
• Internet service providers
➢ Confidential information includes:
• User passwords
• Company policy manuals
• Business strategies
➢ Now there are two types of reconnaissance:
1. Active reconnaissance
2. Passive reconnaissance
➢ In active reconnaissance, the hacker interacts directly with
the computer system to gain information. This information
can be relevant and accurate. But there is a risk of
getting detected if the hacker performs active
reconnaissance without permission. If detected, the
system admin can take severe action against the intruder
and track subsequent activities.
➢ The attacker often uses port scanning, for example, to
discover any vulnerable ports. After a port scan, an
attacker usually exploits known vulnerabilities of
services associated with open ports that were detected.
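The detection risk described above, shown from the defender's side as an added example (not part of the original slides): a Python detector that flags a source touching many distinct destination ports on one host within a time window. The log format, addresses, thresholds and function names are assumptions constructed for illustration.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Assumed log format (constructed for this example, iptables-like):
#   <ISO timestamp> <ACTION> SRC=<ip> DST=<ip> PROTO=<proto> DPT=<port>
LINE_RE = re.compile(
    r"^(?P<ts>\S+)\s+\w+\s+SRC=(?P<src>\S+)\s+DST=(?P<dst>\S+)"
    r"\s+PROTO=\w+\s+DPT=(?P<dpt>\d+)$"
)


def parse(lines):
    """Yield (timestamp, src, dst, dst_port) for every line that matches."""
    for line in lines:
        m = LINE_RE.match(line.strip())
        if m:
            yield datetime.fromisoformat(m["ts"]), m["src"], m["dst"], int(m["dpt"])


def detect_port_scans(lines, window=timedelta(seconds=60), min_ports=10):
    """Return {(src, dst): ports} for each pair where src reached at least
    min_ports distinct ports on dst inside one sliding time window."""
    events = defaultdict(list)
    for ts, src, dst, port in parse(lines):
        events[(src, dst)].append((ts, port))

    findings = {}
    for pair, evs in events.items():
        evs.sort()
        start = 0
        in_window = defaultdict(int)  # port -> hits inside the current window
        for ts, port in evs:
            in_window[port] += 1
            # Drop events that have fallen out of the window.
            while ts - evs[start][0] > window:
                old_port = evs[start][1]
                in_window[old_port] -= 1
                if in_window[old_port] == 0:
                    del in_window[old_port]
                start += 1
            if len(in_window) >= min_ports:
                findings[pair] = sorted(in_window)
                break
    return findings


def build_sample_log():
    """Constructed sample traffic (documentation address ranges only)."""
    base = datetime(2024, 5, 1, 10, 0, 0)
    fmt = "{ts} {action} SRC={src} DST=192.0.2.10 PROTO=TCP DPT={port}"
    lines = []
    # A fast scan: 12 different ports in 12 seconds.
    for i, port in enumerate([21, 22, 23, 25, 53, 80, 110, 139, 143, 443, 445, 3389]):
        ts = (base + timedelta(seconds=i)).isoformat()
        lines.append(fmt.format(ts=ts, action="DROP", src="203.0.113.7", port=port))
    # A normal client: many connections, but always to the same port.
    for i in range(20):
        ts = (base + timedelta(seconds=2 * i)).isoformat()
        lines.append(fmt.format(ts=ts, action="ACCEPT", src="198.51.100.20", port=443))
    # A slow scan: one new port every five minutes.
    for i, port in enumerate(range(8000, 8012)):
        ts = (base + timedelta(minutes=5 * i)).isoformat()
        lines.append(fmt.format(ts=ts, action="DROP", src="198.51.100.99", port=port))
    return lines


if __name__ == "__main__":
    log = build_sample_log()
    for label, win in (("60 s window", timedelta(seconds=60)),
                       ("2 h window", timedelta(hours=2))):
        for (src, dst), ports in detect_port_scans(log, window=win).items():
            print(f"[{label}] {src} -> {dst}: {len(ports)} distinct ports {ports}")
```

The slow source in the sample is only caught with the wider window, so the window and threshold have to be tuned to the traffic being monitored.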
➢ In passive reconnaissance, you are not directly connected
to a computer system. This process is used to gather
essential information without ever interacting with the
target systems.
➢ Methods of passive reconnaissance include:
• War driving to detect vulnerable wireless networks.
• Looking for information stored on discarded computers
and other devices.
• Masquerading as an authorized network user.
➢ Social engineering is the art of manipulating users of a
computing system into revealing confidential
information that can be used to gain unauthorized
access to a computer system. The term can also include
activities such as exploiting human kindness, greed,
and curiosity to gain access to restricted-access
buildings or getting users to install backdoor
software.
➢ Social engineering is an attack that relies heavily on
human interaction and often involves tricking people
into breaking normal security procedures.
➢ To access information about a person, a social engineer
must gain the trust of that person.
➢ To gain trust, social engineers use different social
engineering techniques.
➢ The different social engineering techniques are:
• Impersonation
• Bribery
• Deception
• Conformity
• Reverse social engineering
➢ Impersonation is the technique of collecting
information by acting as a legitimate user or an authorized
employee.
➢ Impersonation is an extremely successful social
engineering method.
➢ Hackers might use this general belief to cheat people.
➢ While impersonating, a social engineer typically works
in one of the following ways:
• Before impersonation, the social engineer performs some
basic research about the target in order to avoid any
suspicion.
• A social engineer might approach a user as a system
administrator or an IT support executive and ask for
their passwords.
• A social engineer might make a phone call to a
helpdesk and ask for information by using the name of
a legitimate user.
➢ Bribery is a traditional way of collecting information by
manipulating personal greed.
➢ Social engineers use bribery to collect information about
their targets.
➢ A social engineer conducts extensive research to find
possible target users.
➢ In this technique, social engineers aim at the following
types of employees of the target organization:
• Workers who do not have long term interests with the
organization.
• Employees who are dissatisfied with the organization.
• Employees who are facing financial difficulties.
➢ Deception is similar to impersonation.
➢ In deception, a social engineer tries to join the target
organization as an employee or a consultant and
collects information.
➢ It is the least used method.
➢ Conformity is a social engineering technique in which a
hacker convinces a victim that there is no harm in
providing information.
➢ The key point in this technique is the ability of a hacker
to gain the trust of the target user.
➢ The hacker must project himself or herself as the right
person to whom the target user can disclose any
confidential information.
➢ Reverse social engineering is the technique of projecting a
hacker as an authority to whom people can give confidential
information for solving their problems.
➢ Reverse social engineering requires a lot of effort in terms of
research and planning.
➢ A hacker conducts reverse social engineering in the
following manner:
STEP 1-
• The hacker creates a problem in the target system by
attacking its network.
• For example, the hacker can conduct a denial of service
attack to shut down the critical servers of the target network.
STEP 2-
• The hacker advertises that he or she can solve the
problem in the target network.
• This advertisement might prompt the users of the target
system to approach the hacker for solving the problem.
• For example, a hacker can introduce himself or herself as a
security consultant who can restore and secure the services of
the affected system.
STEP 3-
• When the users of the target network trust the hacker,
they request him or her to solve the problem.
• This helps the hacker to obtain access to the target
system.
• While solving the problem, the hacker tries to collect
the required information.
• The hacker does not collect all the information from
a single user in order to avoid any suspicion.
➢ Different communication media used by social
engineers are:
• Telephone
• Internet
• E-mail
• Snail mail
➢ Telephones are the cheapest and easiest way to contact
people.
➢ Social engineers avoid cordless telephones because of
disturbing voices.
➢ A particular location is identified where the background
voices resemble an office atmosphere.
➢ Most social engineers use female voices when calling the
target user.
➢ Generally, people tend to trust women more easily than
men, so social engineers use female voices to make use of this
human tendency.
➢ Social engineers call multiple users and gather a little bit of
information from each of them.
➢ Social engineers use websites on the internet to collect
information.
➢ Social engineers create websites that allow users to
participate in online competitions and games.
➢ These websites ask users to create an account.
➢ To create an account, users must provide essential
information such as usernames, passwords, etc.
➢ Social engineers use that information for hacking
purposes.
➢ Social engineers use e-mail for two purposes.
➢ The first purpose is to send e-mail messages by using
legitimate e-mail accounts.
➢ For example, a social engineer might use e-mail spamming
techniques to send e-mail messages to the users of an
organization from the e-mail address of the system
administrator.
➢ In such e-mail messages, the social engineer might ask the
receivers to send their passwords for correcting problems in
their user accounts.
➢ The second purpose is to send messages for joining online
competitions for getting prizes.
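A mail-side check for the first purpose described above, as an added example (not part of the original slides): a Python review of one message that flags mail claiming to come from the organization's own domain without a DMARC pass, a Reply-To pointing elsewhere, and a request to send a password. The domain example.org, the sample messages, the keyword pattern and the function names are assumptions constructed for illustration; it also assumes the receiving gateway writes the Authentication-Results header and strips any copy supplied by the sender.

```python
import re
from email import message_from_string
from email.utils import parseaddr

ORG_DOMAIN = "example.org"  # assumption: the organization's own mail domain

# Results the receiving gateway recorded, e.g. "spf=fail", "dmarc=pass".
AUTH_RE = re.compile(r"\b(spf|dkim|dmarc)=(\w+)", re.I)
# Wording that asks the reader to hand over a password (illustrative pattern).
CREDENTIAL_RE = re.compile(
    r"\b(send|reply with|confirm|provide)\b.{0,60}\bpassword", re.I | re.S
)


def domain_of(header_value):
    """Return the lower-cased domain of an address header, or '' if absent."""
    address = parseaddr(header_value or "")[1]
    return address.rpartition("@")[2].lower()


def review_message(raw):
    """Return a list of reasons why the message looks like impersonation."""
    msg = message_from_string(raw)
    reasons = []

    from_domain = domain_of(msg["From"])
    auth = {k.lower(): v.lower()
            for k, v in AUTH_RE.findall(msg.get("Authentication-Results", ""))}

    # Mail that claims an internal sender must have passed DMARC.
    if from_domain == ORG_DOMAIN and auth.get("dmarc") != "pass":
        reasons.append(
            f"From uses {ORG_DOMAIN} but dmarc={auth.get('dmarc', 'missing')}"
        )

    # Replies would go to a different domain than the claimed sender.
    reply_domain = domain_of(msg["Reply-To"])
    if reply_domain and reply_domain != from_domain:
        reasons.append(f"Reply-To domain {reply_domain} differs from From domain")

    body = msg.get_payload()
    if isinstance(body, str) and CREDENTIAL_RE.search(body):
        reasons.append("body asks the recipient to send a password")

    return reasons


# Constructed sample messages.
SPOOFED = """\
Authentication-Results: mx.example.org; spf=fail smtp.mailfrom=bulk.example.net;
 dkim=none; dmarc=fail header.from=example.org
From: "System Administrator" <admin@example.org>
Reply-To: support@example.net
To: user@example.org
Subject: Problem with your account

We found a problem in your user account.
Please reply with your password so we can correct it.
"""

LEGITIMATE = """\
Authentication-Results: mx.example.org; spf=pass smtp.mailfrom=example.org;
 dkim=pass header.d=example.org; dmarc=pass header.from=example.org
From: "System Administrator" <admin@example.org>
To: user@example.org
Subject: Scheduled maintenance

The file server will be unavailable on Saturday. No action is needed.
"""

if __name__ == "__main__":
    for name, raw in (("spoofed", SPOOFED), ("legitimate", LEGITIMATE)):
        print(name, review_message(raw))
```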
➢ Physical intrusion is the traditional technique of social
engineering.
➢ In this technique, social engineers physically enter the
premises of an organization to collect information.
➢ Social engineers can use physical intrusion along with all other
techniques of social engineering.
➢ Before performing physical intrusion, a social engineer must
collect some basic information such as:
• Information about physical security structure.
• Functioning of the organization.
• Creating fake identification details and range of valid PIN
numbers.
➢ The final step of physical intrusion is to collect
information, which includes:
• Looking around the workstation for some relevant
information such as documents.
• Getting passwords from the computer.
• Installing key logger programs to extract all keystrokes
made by the user.
• Watching users to find out information while they type
passwords.
• Approaching users by pretending to be an IT expert.
➢ Do not provide any information to unknown people.
➢ Do not disclose any confidential information to anybody on
the telephone.
➢ Do not type passwords in front of unknown people.
➢ Do not submit information to any unsecure website.
➢ Do not use the same username and password for all accounts.
➢ Verify the credentials of persons asking for information.
➢ Keep confidential documents locked.
➢ Lock the computers when away from the workstation.
➢ Instruct helpdesk employees to provide information only with
proper authentication.

Reconnaissance and Social Engineering

  • 1. RECONNAISSANCE AND SOCIAL ENGINEERING PRESENTED BY:- VARUNJEET SINGH REKHI(158/15) CSE 6th SEM
  • 2.  Reconnaissance is the process of collecting information about a particular target using both physical and technical methods.  The most important principle followed by hackers in reconnaissance is that any kind of information which is highly valuable.  Reconnaissance methods include both legal illegal activities. For example- collecting information from the websites is legal activity. However collecting confidential information using social engineering and physical methods is illegal activity.
  • 3. While collecting information, hackers cannot predict the use of that information. For example-consider the information about the e-mail address of a system administrator. You might consider this information to be of no importance in any hacking activity. However hackers can use this e-mail address for e-mail spamming.  The publicly available information includes: • Names of organizations and individuals. • Country names • Home and office address • Phone numbers • Domain names • Operating system • Internet service providers
  • 4.  Confidential information includes: • User passwords • Company policy manuals • Business strategies  Now there are two types of reconnaissance: 1. Active reconnaissance 2. Passive reconnaissance
  • 5.  In this process, hacker directly interact with the computer system to gain information. This information can be relevant and accurate. But there is a risk of getting detected if hacker is planning active reconnaissance without permission. If detected, then system admin can take severe action against intruder and trail subsequent activities.  The attacker often uses port scanning, for example, to discover any vulnerable ports. After a port scan, an attacker usually exploits known vulnerabilities of services associated with open ports that were detected.
  • 6. In this process, you will not be directly connected to a computer system. This process is used to gather essential information without ever interacting with the target systems.  Methods of passive reconnaissance include: • War driving to detect vulnerable wireless networks. • Looking for information stored on discarded computers and other devices. • Masquerading as an authorized network user.
  • 7.  Social engineering is the art of manipulating users of a computing system into revealing confidential information that can be used to gain unauthorized access to a computer system. The term can also include activities such as exploiting human kindness, greed, and curiosity to gain access to restricted access buildings or getting the users to installing backdoor software.  Social engineering is an attack that relies heavily on human interaction and often involves tricking people into breaking normal security procedures.
  • 8. To access information about a person, a social engineer must gain the trust of that person. To gain trust, social engineers use different social engineering techniques.
    The different social engineering techniques are:
      • Impersonation
      • Bribery
      • Deception
      • Conformity
      • Reverse social engineering
  • 9. Impersonation is the technique of collecting information by acting as a legitimate user or authorized employee. Impersonation is an extremely successful social engineering method. Hackers might use this general belief to cheat people.
    While impersonating, a social engineer typically works in one of the following ways:
      • Before impersonation, the social engineer performs some basic research about the target in order to avoid any suspicion.
  • 10.
      • A social engineer might approach a user as a system administrator or an IT support executive and ask for their passwords.
      • A social engineer might make a phone call to a helpdesk and ask for information by using the name of a legitimate user.
  • 11. Bribery is a traditional way of collecting information by manipulating personal greed. Social engineers use bribery to collect information about their targets. A social engineer conducts extensive research to find out possible target users.
    In this technique, social engineers aim at the following types of employees of the target organization:
      • Workers who do not have long-term interests with the organization.
      • Employees who are dissatisfied with the organization.
      • Employees who are facing financial difficulties.
  • 12. Deception is similar to impersonation. In deception, a social engineer tries to join the target organization as an employee or a consultant and collects information. It is the least used method.
  • 13. Conformity is a social engineering technique in which a hacker convinces a victim that there is no harm in providing information. The key point in this technique is the ability of a hacker to gain the trust of the target user. The hacker must project himself or herself as the right person to whom the target user can disclose any confidential information.
  • 14. Reverse social engineering is the technique of projecting a hacker as an authority to whom people can give confidential information for solving their problems. Reverse social engineering requires a lot of effort in terms of research and planning.
    A hacker conducts reverse social engineering in the following manner:
    STEP 1
      • The hacker creates a problem in the target system by attacking its network.
      • For example, the hacker can conduct a denial of service attack to shut down the critical servers of the target network.
  • 15. STEP 2
      • The hacker advertises that he or she can solve the problem in the target network.
      • This advertisement might prompt the users of the target system to approach the hacker for solving the problem.
      • For example, a hacker can introduce himself or herself as a security consultant who can restore and secure the services of the affected system.
  • 16. STEP 3
      • When the users of the target network trust the hacker, they request him or her to solve the problem.
      • This helps the hacker to obtain access to the target system.
      • While solving the problem, the hacker tries to collect the required information.
      • The hacker does not collect the entire information from a single user, in order to avoid any suspicion.
  • 17. Different communication media used by social engineers are:
      • Telephone
      • Internet
      • E-mail
      • Snail mail
  • 18. Telephones are the cheapest and easiest way to contact people.
      • Social engineers avoid cordless telephones because of disturbing voices.
      • A particular location is identified where the background voices resemble an office atmosphere.
      • Most social engineers use female voices when calling the target user.
      • Generally people tend to trust women easily as compared to men, so social engineers use female voices to make use of this human tendency.
      • Social engineers call multiple users and gather a little bit of information from each of them.
  • 19. Social engineers use websites on the internet to collect information.
      • Social engineers create websites that allow users to participate in online competitions and games.
      • These websites ask users to create an account.
      • To create an account, users must provide essential information such as usernames, passwords, etc.
      • Social engineers use that information for hacking purposes.
  • 20. Social engineers use e-mail for two purposes.
      • The first purpose is to send e-mail messages by using legitimate e-mail accounts.
      • For example, a social engineer might use e-mail spamming techniques to send e-mail messages to the users of an organization from the e-mail address of the system administrator.
      • In such e-mail messages, the social engineer might ask the receivers to send their passwords for correcting problems in their user accounts.
      • The second purpose is to send messages for joining online competitions for getting prizes.
  • 21. Physical intrusion is the traditional technique of social engineering. In this technique, social engineers physically enter the premises of an organization to collect information. Social engineers can use physical intrusion along with all other techniques of social engineering.
    Before performing physical intrusion, a social engineer must collect some basic information such as:
      • Information about the physical security structure.
      • Functioning of the organization.
      • Creating fake identification details and a range of valid PIN numbers.
  • 22. The final step of physical intrusion is to collect information, which includes:
      • Looking around the workstation for relevant information such as documents.
      • Getting passwords from the computer.
      • Installing key logger programs to extract all keystrokes made by the user.
      • Watching users to find out information while they type passwords.
      • Approaching users by pretending to be an IT expert.
  • 23.
      • Do not provide any information to unknown people.
      • Do not disclose any confidential information to anybody on the telephone.
      • Do not type passwords in front of unknown people.
      • Do not submit information to any unsecured website.
      • Do not use the same username and password for all accounts.
      • Verify the credentials of persons asking for information.
      • Keep confidential documents locked.
      • Lock the computers when away from the workstation.
      • Instruct helpdesk employees to provide information only with proper authentication.
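Slide 20 describes an e-mail that appears to come from the system administrator and asks for passwords, and slide 23 says to verify whoever asks for information. The following is an added example (not part of the original slides) of a mail-side check for that pattern; the sample message, the example.com/example.net domains and the finding names are constructed for illustration.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Constructed sample message (not real mail); all domains are placeholders.
SPOOFED = """\
From: System Administrator <admin@example.com>
Reply-To: helpdesk-team@mail.example.net
To: user@example.com
Subject: Problem with your user account
Authentication-Results: mx.example.com; spf=fail smtp.mailfrom=example.com; dkim=none

We found a problem in your user account. Please reply with your password
so that we can correct it.
"""

# A request verb followed, within the same sentence, by a credential word.
CREDENTIAL_REQUEST = re.compile(
    r"\b(send|reply with|confirm|provide|enter)\b[^.]{0,60}\b(password|passcode|pin)\b",
    re.IGNORECASE,
)

def domain(header_value):
    """Return the lower-cased domain part of an address header."""
    addr = parseaddr(header_value or "")[1]
    return addr.rpartition("@")[2].lower()

def assess(raw):
    """Return a list of findings for one raw RFC 5322 message."""
    msg = message_from_string(raw)
    findings = []
    # Only trust Authentication-Results added by your own receiving mail server.
    auth = (msg.get("Authentication-Results") or "").lower()
    if re.search(r"\bspf=(fail|softfail)\b", auth):
        findings.append("spf-failed")
    if not re.search(r"\bdkim=pass\b", auth):
        findings.append("dkim-not-passed")
    reply_to = msg.get("Reply-To")
    if reply_to and domain(reply_to) != domain(msg.get("From")):
        findings.append("reply-to-domain-mismatch")
    if CREDENTIAL_REQUEST.search(msg.get_payload()):
        findings.append("asks-for-credentials")
    return findings

print(assess(SPOOFED))
```

A message that both fails sender authentication and asks for a password is the case the slide describes; either finding alone is weaker evidence.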
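Slide 5 notes that active reconnaissance such as port scanning risks detection by the system admin. The following is an added example (not from the original slides) of how that detection can work: it flags a source that touches many distinct ports on one host within a short window. The log format, addresses, window and threshold are constructed assumptions.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed firewall log lines in an assumed format:
# timestamp  source-ip  destination-ip  destination-port  action
LOG = """\
2024-01-10T10:00:00 198.51.100.7 192.0.2.10 21 DENY
2024-01-10T10:00:01 198.51.100.7 192.0.2.10 22 ALLOW
2024-01-10T10:00:01 203.0.113.5 192.0.2.10 443 ALLOW
2024-01-10T10:00:02 198.51.100.7 192.0.2.10 23 DENY
2024-01-10T10:00:03 198.51.100.7 192.0.2.10 25 DENY
2024-01-10T10:00:04 198.51.100.7 192.0.2.10 80 ALLOW
2024-01-10T10:00:05 198.51.100.7 192.0.2.10 443 ALLOW
2024-01-10T10:00:30 203.0.113.5 192.0.2.10 443 ALLOW
2024-01-10T10:05:00 203.0.113.9 192.0.2.10 80 ALLOW
2024-01-10T10:20:00 203.0.113.9 192.0.2.10 22 DENY
2024-01-10T10:40:00 203.0.113.9 192.0.2.10 443 ALLOW
"""

def parse(line):
    ts, src, dst, dport, action = line.split()
    return datetime.fromisoformat(ts), src, dst, int(dport), action

def detect_scans(lines, window=timedelta(seconds=60), threshold=5):
    """Map (src, dst) to the ports probed, for pairs that reached
    `threshold` distinct ports inside one sliding `window`."""
    recent = defaultdict(list)  # (src, dst) -> [(time, port)] still in window
    flagged = {}
    for line in lines:
        ts, src, dst, dport, _ = parse(line)
        events = recent[(src, dst)]
        events.append((ts, dport))
        # Drop events that have fallen out of the sliding window.
        while ts - events[0][0] > window:
            events.pop(0)
        ports = {port for _, port in events}
        if len(ports) >= threshold:
            flagged.setdefault((src, dst), set()).update(ports)
    return flagged

for (src, dst), ports in detect_scans(LOG.splitlines()).items():
    print(f"possible port scan: {src} -> {dst}, ports {sorted(ports)}")
```

The client that reaches three ports over forty minutes stays below the threshold, which also shows the limit of this rule: a scan spread out over time needs a longer window or a per-day distinct-port count.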