SOCIAL ENGINEERING
VELAYUTHAM SELVARAJ
MSC IN DIGITAL FORENSICS AND CYBER CRIME ANALYSIS
ECHO BRAG
• CEO TWINTECH SOLUTIONS
• HACKERS DAY LEAD CHAPTER CHENNAI
• ECOMMERCE EXPERT
• FORENSIC INVESTIGATOR
LEARN ETHICAL HACKING COURSE, CONTACT US 9677034266
SOCIAL ENGINEERING
• SOCIAL ENGINEERING IS THE TERM USED FOR A BROAD RANGE OF MALICIOUS
ACTIVITIES ACCOMPLISHED THROUGH HUMAN INTERACTIONS. IT USES
PSYCHOLOGICAL MANIPULATION TO TRICK USERS INTO MAKING SECURITY
MISTAKES OR GIVING AWAY SENSITIVE INFORMATION.
• IT TYPICALLY USES A DELIVERY TOOL, LIKE EMAIL, A WEB PAGE, OR A USB KEY, TO
INDUCE A TARGET TO SHARE SENSITIVE INFORMATION OR PERFORM AN ACTION
THAT ENABLES AN ATTACKER TO COMPROMISE THE SYSTEM.
TYPES OF SE ATTACKS
• Phishing
• IVR Phishing
• Scareware
• Pretexting
• Spear phishing
• Whaling
• Watering hole
• Vishing
• Quid Pro Quo
• Piggybacking
• Diversion Theft
• Honeytrap
PHISHING
• PHISHING IS THE FRAUDULENT ATTEMPT TO OBTAIN SENSITIVE INFORMATION
SUCH AS USERNAMES, PASSWORDS, AND CREDIT CARD DETAILS (AND MONEY),
OFTEN FOR MALICIOUS REASONS, BY DISGUISING ONESELF AS A TRUSTWORTHY ENTITY IN
AN ELECTRONIC COMMUNICATION.
A QUICK 2 MINUTE DEMO WITH SOCIALFISH
PREREQUISITES (PLEASE VERIFY THAT YOU HAVE THESE INSTALLED)
• PYTHON 3
• WGET FROM PYTHON
• PHP
• SUDO
HTTPS://GITHUB.COM/AN0NUD4Y/SOCIALFISH
PUNYCODE PHISHING
• THE XN-- PREFIX, KNOWN AS THE ASCII COMPATIBLE ENCODING (ACE) PREFIX,
INDICATES TO THE WEB BROWSER THAT THE DOMAIN USES PUNYCODE TO REPRESENT
UNICODE CHARACTERS. BY DEFAULT, MANY WEB BROWSERS USE THIS XN-- FORM, WHICH IS A
REASONABLE MEASURE TO DEFEND AGAINST HOMOGRAPH PHISHING ATTACKS.
TYPE THIS IN YOUR BROWSER
XN--PYTM-GR5A.COM
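A defender can apply the same idea to URLs in mail or proxy logs: decode each xn-- label, fold it to the ASCII string a reader would perceive, and compare it with protected brand names. This is an added example, not part of the original slides; the watchlist, the small confusables table and the second sample host are constructed for illustration.

```python
import unicodedata

# Hypothetical watchlist of brand labels the defender wants to protect.
WATCHLIST = {"paytm", "apple"}

# Small constructed sample of cross-script look-alikes; a production check
# would load the full Unicode confusables data (UTS #39) instead.
CONFUSABLES = {"\u0430": "a", "\u0435": "e", "\u043e": "o", "\u0440": "p",
               "\u0441": "c", "\u0455": "s", "\u03bf": "o", "\u0131": "i"}


def decode_label(label: str) -> str:
    """Return the Unicode form of one DNS label (xn-- labels are Punycode)."""
    label = label.lower()
    if label.startswith("xn--"):
        try:
            return label[4:].encode("ascii").decode("punycode")
        except (UnicodeError, ValueError):
            return label  # malformed ACE label: leave it undecoded
    return label


def scripts(text: str) -> set:
    """Scripts of the letters in text, taken from each Unicode character name."""
    return {unicodedata.name(ch, "UNKNOWN").split()[0]
            for ch in text if ch.isalpha()}


def skeleton(text: str) -> str:
    """Fold a label to the ASCII string a reader is likely to perceive."""
    out = []
    for ch in unicodedata.normalize("NFKD", text):
        if unicodedata.combining(ch):
            continue  # drop accents and other combining marks
        out.append(CONFUSABLES.get(ch, ch))
    return "".join(out)


def inspect_host(host: str) -> list:
    """Report every non-ASCII label in host with its decoded form and flags."""
    findings = []
    for label in host.rstrip(".").split("."):
        uni = decode_label(label)
        if uni.isascii():
            continue
        skel = skeleton(uni)
        findings.append({
            "ace": label.lower(),
            "unicode": uni,
            "mixed_script": len(scripts(uni)) > 1,
            "lookalike_of": skel if skel in WATCHLIST else None,
        })
    return findings


if __name__ == "__main__":
    # Constructed sample: "apple" with a Cyrillic first letter, ACE-encoded here.
    constructed = "xn--" + "\u0430pple".encode("punycode").decode("ascii") + ".com"
    for host in ("XN--PYTM-GR5A.COM", constructed, "www.example.com"):
        print(host, inspect_host(host))
```

The domain from the slide decodes to an all-Latin label with an accented letter, so a mixed-script test alone would miss it; the skeleton comparison is what catches it.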
PHISHING 2FA TOKENS
• EVILGINX BECOMES A RELAY BETWEEN THE REAL WEBSITE AND THE PHISHED USER. THE
PHISHED USER INTERACTS WITH THE REAL WEBSITE, WHILE EVILGINX CAPTURES ALL
THE DATA BEING TRANSMITTED BETWEEN THE TWO PARTIES.
• EVILGINX, BEING THE MAN-IN-THE-MIDDLE, CAPTURES NOT ONLY USERNAMES AND
PASSWORDS BUT ALSO AUTHENTICATION TOKENS SENT AS COOKIES.
CAPTURED AUTHENTICATION TOKENS ALLOW THE ATTACKER TO BYPASS ANY FORM
OF 2FA ENABLED ON THE USER'S ACCOUNT.
• EVEN IF THE PHISHED USER HAS 2FA ENABLED, THE ATTACKER, OUTFITTED WITH JUST A
DOMAIN AND A VPS SERVER, IS ABLE TO REMOTELY TAKE OVER HIS/HER ACCOUNT.
IT DOESN'T MATTER IF 2FA IS USING SMS CODES, A MOBILE AUTHENTICATOR APP OR
RECOVERY KEYS.
QUICK DEMO
PREREQUISITES
• DEBIAN 8 VPS
• DOMAIN NAME
• GO INSTALLED, VERSION 1.10.0 OR LATER
• HTTPS://GITHUB.COM/KGRETZKY/EVILGINX2
COUNTERMEASURES
• TRAIN YOUR EMPLOYEES ON SECURITY AWARENESS
• FILTER EMAILS FOR PHISHING THREATS
• UPDATE CLIENT-SIDE OPERATING SYSTEMS, SOFTWARE, AND PLUG-INS
• HARDEN YOUR CLIENTS
• BLOCK INTERNET-BOUND SMB AND KERBEROS TRAFFIC
• DETECT MALWARE ON ENDPOINTS
• DETECT COMPROMISED CREDENTIALS AND LATERAL MOVEMENT
• IMPLEMENT U2F (UNIVERSAL 2ND FACTOR) AUTHENTICATION
• HAVE AN INCIDENT RESPONSE PLAN
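The U2F countermeasure works because the browser and authenticator bind each login to the site the user is actually on, and the server checks that binding. The sketch below is an added example, not from the original slides; it uses the WebAuthn assertion layout (the successor to U2F), and the host names, challenge and `simulated_assertion` helper are constructed. Signature verification is a separate step and is not shown.

```python
import base64
import hashlib
import hmac
import json

RP_ID = "login.example.com"                    # constructed relying-party ID
EXPECTED_ORIGIN = "https://login.example.com"  # constructed legitimate origin


def b64url(data: bytes) -> str:
    """Unpadded base64url, the encoding used for the challenge field."""
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode("ascii")


def binding_failures(client_data_json: bytes, authenticator_data: bytes,
                     issued_challenge: bytes) -> list:
    """Return the names of the binding checks that fail (empty list = pass)."""
    failures = []
    client = json.loads(client_data_json)
    if client.get("type") != "webauthn.get":
        failures.append("type")
    got = str(client.get("challenge", "")).encode()
    if not hmac.compare_digest(got, b64url(issued_challenge).encode()):
        failures.append("challenge")
    # The browser, not the page, writes the origin it is really talking to.
    if client.get("origin") != EXPECTED_ORIGIN:
        failures.append("origin")
    if len(authenticator_data) < 37:
        failures.append("authenticator_data")
        return failures
    # First 32 bytes: SHA-256 of the RP ID the authenticator was asked about.
    expected_hash = hashlib.sha256(RP_ID.encode()).digest()
    if not hmac.compare_digest(authenticator_data[:32], expected_hash):
        failures.append("rp_id_hash")
    if not authenticator_data[32] & 0x01:  # bit 0 of the flags byte
        failures.append("user_present")
    return failures


def simulated_assertion(origin: str, rp_id: str, challenge: bytes):
    """Constructed stand-in for what a browser and authenticator would emit."""
    client_data = json.dumps({"type": "webauthn.get",
                              "challenge": b64url(challenge),
                              "origin": origin}).encode()
    flags_and_counter = bytes([0x01]) + (7).to_bytes(4, "big")
    auth_data = hashlib.sha256(rp_id.encode()).digest() + flags_and_counter
    return client_data, auth_data


if __name__ == "__main__":
    challenge = b"\x01" * 32  # constructed; a real server issues random bytes
    direct = simulated_assertion(EXPECTED_ORIGIN, RP_ID, challenge)
    relayed = simulated_assertion("https://login.example.com.phish.test",
                                  "login.example.com.phish.test", challenge)
    print("direct :", binding_failures(*direct, challenge))
    print("relayed:", binding_failures(*relayed, challenge))
```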
