2. ECHO BRAG
• CEO TWINTECH SOLUTIONS
• HACKERS DAY LEAD CHAPTER CHENNAI
• ECOMMERCE EXPERT
• FORENSIC INVESTIGATOR
LEARN ETHICAL HACKING COURSE CONTACT US 9677034266
3. SOCIAL ENGINEERING
• SOCIAL ENGINEERING IS THE TERM USED FOR A BROAD RANGE OF MALICIOUS
ACTIVITIES ACCOMPLISHED THROUGH HUMAN INTERACTIONS. IT USES
PSYCHOLOGICAL MANIPULATION TO TRICK USERS INTO MAKING SECURITY
MISTAKES OR GIVING AWAY SENSITIVE INFORMATION.
• TYPICALLY USES A DELIVERY TOOL, LIKE EMAIL, A WEB PAGE, OR A USB KEY, TO
INDUCE A TARGET TO SHARE SENSITIVE INFORMATION OR PERFORM AN ACTION
THAT ENABLES AN ATTACKER TO COMPROMISE THE SYSTEM.
4. TYPES OF SE ATTACKS
• Phishing
• IVR phishing
• Scareware
• Pretexting
• Spear phishing
• Whaling
• Watering hole
• Vishing
• Quid pro quo
• Piggybacking
• Diversion theft
• Honeytrap
5. PHISHING
• PHISHING IS THE FRAUDULENT ATTEMPT TO OBTAIN SENSITIVE INFORMATION
SUCH AS USERNAMES, PASSWORDS, AND CREDIT CARD DETAILS (AND MONEY),
OFTEN FOR MALICIOUS REASONS, BY DISGUISING AS A TRUSTWORTHY ENTITY IN
AN ELECTRONIC COMMUNICATION.
6. A QUICK 2 MINUTE DEMO WITH SOCIALFISH
PREREQUISITES (PLEASE VERIFY THAT YOU HAVE THESE INSTALLED)
• PYTHON 3
• WGET FROM PYTHON
• PHP
• SUDO
HTTPS://GITHUB.COM/AN0NUD4Y/SOCIALFISH
7. PUNY CODE PHISHING
• BY DEFAULT, MANY WEB BROWSERS DISPLAY INTERNATIONALISED DOMAIN NAMES WITH THE
XN-- PREFIX (THE ASCII COMPATIBLE ENCODING PREFIX), WHICH SIGNALS THAT THE
DOMAIN USES PUNYCODE TO REPRESENT UNICODE CHARACTERS. SHOWING THE PUNYCODE
FORM RATHER THAN THE UNICODE GLYPHS IS A REASONABLE MEASURE TO DEFEND AGAINST
HOMOGRAPH PHISHING ATTACKS.
8. TYPE THIS IN YOUR BROWSER
XN--PYTM-GR5A.COM
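The following is an added example, not part of the slide deck and not code from any tool mentioned in it. It shows the defender's side of the punycode slides: decode the xn-- label the deck asks you to type (by my own computation it decodes to pạytm.com, a Latin "a" with a dot below), then apply two checks a mail gateway or link scanner could run, namely a mixed-script test and a "skeleton" comparison against a watchlist of brand names. The brand watchlist and the Cyrillic sample domain are constructed for the example; the `punycode` codec and `unicodedata` are part of the Python standard library.

```python
import unicodedata

# Constructed watchlist of brand names worth protecting; example values, not from the deck.
PROTECTED_BRANDS = {"paytm", "paypal", "google"}


def decode_idn(domain: str) -> str:
    """Turn every xn-- label (A-label) of a domain into its Unicode form (U-label).

    Labels without the ACE prefix are returned unchanged, so the function
    accepts both the ASCII and the Unicode spelling of a domain.
    """
    labels = []
    for label in domain.lower().rstrip(".").split("."):
        if label.startswith("xn--"):
            label = label[4:].encode("ascii").decode("punycode")
        labels.append(label)
    return ".".join(labels)


def skeleton(label: str) -> str:
    """Crude confusable skeleton: compatibility-decompose, then drop combining marks.

    'pạytm' becomes 'paytm', so a dotted or accented letter no longer hides the brand.
    (Unicode TR39 defines a far more complete confusable mapping; this is the idea only.)
    """
    decomposed = unicodedata.normalize("NFKD", label)
    return "".join(ch for ch in decomposed if not unicodedata.combining(ch))


def scripts_in(label: str) -> set:
    """Scripts of the letters in a label, taken from the first word of each
    character's Unicode name (LATIN, CYRILLIC, GREEK, ...)."""
    return {
        unicodedata.name(ch, "UNKNOWN").split()[0]
        for ch in label
        if unicodedata.category(ch).startswith("L")
    }


def analyse(domain: str) -> dict:
    """Flag a domain (ASCII or Unicode form) that could be a homograph of a protected brand."""
    unicode_domain = decode_idn(domain)
    findings = []
    brand_matches = []
    for label in unicode_domain.split("."):
        if label.isascii():
            continue  # plain ASCII labels cannot be homographs
        scripts = scripts_in(label)
        if len(scripts) > 1:
            findings.append(f"label {label!r} mixes scripts {sorted(scripts)}")
        base = skeleton(label)
        if base in PROTECTED_BRANDS:
            brand_matches.append(base)
            findings.append(f"non-ASCII label {label!r} looks like protected brand {base!r}")
    return {
        "unicode": unicode_domain,
        "suspicious": bool(findings),
        "brand_matches": brand_matches,
        "findings": findings,
    }


if __name__ == "__main__":
    for sample in ("XN--PYTM-GR5A.COM", "paytm.com", "p\u0430ypal.com"):  # last one has a Cyrillic а
        print(sample, "->", analyse(sample))
```

The two checks are complementary: the dotted "a" in pạytm is still Latin, so only the skeleton comparison catches it, while a Cyrillic "а" survives normalisation unchanged and is caught only by the mixed-script test.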
9. PHISHING 2FA TOKENS
• EVILGINX BECOMES A RELAY BETWEEN THE REAL WEBSITE AND THE PHISHED USER.
THE PHISHED USER INTERACTS WITH THE REAL WEBSITE, WHILE EVILGINX CAPTURES ALL
THE DATA TRANSMITTED BETWEEN THE TWO PARTIES.
• EVILGINX, BEING THE MAN-IN-THE-MIDDLE, CAPTURES NOT ONLY USERNAMES AND
PASSWORDS BUT ALSO THE AUTHENTICATION TOKENS SENT AS COOKIES. CAPTURED
AUTHENTICATION TOKENS ALLOW THE ATTACKER TO BYPASS ANY FORM OF 2FA ENABLED
ON THE USER'S ACCOUNT.
• EVEN IF THE PHISHED USER HAS 2FA ENABLED, AN ATTACKER EQUIPPED WITH JUST A
DOMAIN AND A VPS IS ABLE TO REMOTELY TAKE OVER THE ACCOUNT. IT DOESN'T
MATTER WHETHER 2FA USES SMS CODES, A MOBILE AUTHENTICATOR APP OR RECOVERY
KEYS.
10. QUICK DEMO
PREREQUISITES
• DEBIAN 8 VPS.
• DOMAIN NAME
• INSTALLED GO OF VERSION AT LEAST 1.10.0
• HTTPS://GITHUB.COM/KGRETZKY/EVILGINX2
11. COUNTERMEASURES
• TRAIN YOUR EMPLOYEES ON SECURITY AWARENESS
• FILTER EMAILS FOR PHISHING THREATS
• UPDATE CLIENT-SIDE OPERATING SYSTEMS, SOFTWARE, AND PLUG-INS
• HARDEN YOUR CLIENTS
• BLOCK INTERNET-BOUND SMB AND KERBEROS TRAFFIC
• DETECT MALWARE ON ENDPOINTS
• DETECT COMPROMISED CREDENTIALS AND LATERAL MOVEMENT
• IMPLEMENT U2F (FIDO) TWO-FACTOR AUTHENTICATION
• HAVE AN INCIDENT RESPONSE PLAN
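The deck's 2FA-relay slides and its U2F countermeasure fit together, and the example below (added here; not code from the deck, from Evilginx or from any FIDO library) shows why. With SMS or app codes, the user types a secret that a relay can forward unchanged. With U2F/WebAuthn the browser, not the page, writes the page's origin into the signed client data and hashes the relying-party id into the authenticator data, so an assertion produced on a proxy's domain fails the relying party's origin check even when the proxy forwards the real challenge and the signature is genuine. The relying-party names, the proxy origin and the challenge handling are hypothetical; a real security key signs with a per-site EC key pair, and the HMAC here is a stand-in for that signature so the example runs with the standard library alone. Only the byte layout of what is signed, and the checks the relying party performs, are what the example is about.

```python
import hashlib
import hmac
import json
import secrets

# Hypothetical relying party (RP) identity; example values, not from the deck.
RP_ID = "bank.example"
RP_ORIGIN = "https://bank.example"
# Constructed reverse-proxy origin, used only to show the failure mode.
PROXY_ORIGIN = "https://bank.example.login-verify.example"


class SecurityKey:
    """Stand-in for a U2F/FIDO2 authenticator.

    A real key uses an EC key pair per credential; here an HMAC over the same
    byte layout replaces the ECDSA signature and the RP holds the same secret
    in place of the public key (assumption made to stay dependency-free).
    """

    def __init__(self) -> None:
        self.secret = secrets.token_bytes(32)

    def get_assertion(self, rp_id: str, client_data_json: bytes) -> tuple:
        # authenticatorData begins with sha256(rpId); the key signs
        # authenticatorData || sha256(clientDataJSON).
        auth_data = hashlib.sha256(rp_id.encode("ascii")).digest()
        signed_bytes = auth_data + hashlib.sha256(client_data_json).digest()
        signature = hmac.new(self.secret, signed_bytes, "sha256").digest()
        return auth_data, signature


def browser_get_assertion(key: SecurityKey, page_origin: str, challenge: bytes) -> dict:
    """What the browser does when a page at page_origin calls the WebAuthn API.

    The browser fills in the origin itself and only allows an rpId that matches
    the page's own host (simplified here to the host itself), so a page on
    another domain cannot ask the key for a signature over bank.example.
    """
    host = page_origin.split("://", 1)[1]
    client_data_json = json.dumps(
        {"type": "webauthn.get", "challenge": challenge.hex(), "origin": page_origin},
        sort_keys=True,
    ).encode("utf-8")
    auth_data, signature = key.get_assertion(host, client_data_json)
    return {"clientDataJSON": client_data_json, "authenticatorData": auth_data, "signature": signature}


def rp_verify(key: SecurityKey, issued_challenge: bytes, assertion: dict) -> tuple:
    """Relying-party checks; origin and rpIdHash are what defeat a relaying proxy."""
    client_data = json.loads(assertion["clientDataJSON"])
    if client_data.get("type") != "webauthn.get":
        return False, "wrong ceremony type"
    if client_data.get("challenge") != issued_challenge.hex():
        return False, "challenge mismatch (replay?)"
    if client_data.get("origin") != RP_ORIGIN:
        return False, f"origin mismatch: {client_data.get('origin')}"
    if assertion["authenticatorData"] != hashlib.sha256(RP_ID.encode("ascii")).digest():
        return False, "rpIdHash mismatch"
    signed_bytes = assertion["authenticatorData"] + hashlib.sha256(assertion["clientDataJSON"]).digest()
    expected = hmac.new(key.secret, signed_bytes, "sha256").digest()
    if not hmac.compare_digest(expected, assertion["signature"]):
        return False, "bad signature"
    return True, "ok"


def login_direct(key: SecurityKey) -> tuple:
    """User on the genuine site: everything lines up."""
    challenge = secrets.token_bytes(32)
    return rp_verify(key, challenge, browser_get_assertion(key, RP_ORIGIN, challenge))


def login_through_proxy(key: SecurityKey) -> tuple:
    """Relay scenario: the proxy obtains a real challenge, serves the page from
    its own origin and forwards the assertion unchanged. The signature is valid,
    yet the RP rejects it because the signed origin is not its own."""
    challenge = secrets.token_bytes(32)
    return rp_verify(key, challenge, browser_get_assertion(key, PROXY_ORIGIN, challenge))


def replay_old_assertion(key: SecurityKey) -> tuple:
    """A captured assertion presented against a fresh challenge also fails."""
    old_challenge = secrets.token_bytes(32)
    captured = browser_get_assertion(key, RP_ORIGIN, old_challenge)
    return rp_verify(key, secrets.token_bytes(32), captured)


if __name__ == "__main__":
    k = SecurityKey()
    print("direct:", login_direct(k))
    print("via proxy:", login_through_proxy(k))
    print("replay:", replay_old_assertion(k))
```

Contrast this with a code-based second factor: nothing in an SMS or TOTP code names the site the user typed it into, which is exactly the gap the relay exploits.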