About me –
Gautam Devaraju
@gautammd | India
CISE | Analyst
Social Engineering OSINT
Social Engineering - What is it?
• In the context of information security, social engineering refers to the psychological manipulation of people into performing actions or divulging confidential information.
Target –
Information –
Name – Arinze Akutekwe
Nationality – Nigerian
Age – 33 (Not confirmed)
Occupation - Researcher in Computational Intelligence and
Biometrics at Centre for Computational Intelligence (CCI)
De Montfort University, Leicester.
This information is used to launch the attack and deploy a
backdoor for post-exploitation.
Information Analysis
• Interested in Bioinformatics and Biomedicine.
• Attended Bioinformatics and Biomedicine (BIBM), 2nd to 5th November 2014, at Hilton Belfast, 4 Lanyon Place, Belfast, BT1 3LP, United Kingdom (Tel.: +44-28-90277000) with Dr. Huseyin Seker.
• Presented on Particle Swarm Optimization-Based Bio-Network Discovery Method for the Diagnosis of Colorectal Cancer with Huseyin Seker.
Methods used in this Attack
• Email Spoofing – E-mail spoofing is the forgery of an e-mail header so that the message appears to have originated from someone or somewhere other than the actual source. However, spoofing anyone other than yourself is illegal in some jurisdictions.
• Caller ID Spoofing – Caller ID spoofing is the practice of causing the telephone network to indicate to the receiver of a call that the originator of the call is a station other than the true originating station. For example, a Caller ID display might display a phone number different from that of the telephone from which the call was placed.
• Identity Theft – Identity theft is a form of stealing someone's identity in which someone pretends to be someone else by assuming that person's identity, usually as a method to gain access to resources or obtain credit and other benefits in that person's name.
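An added defensive example, not part of the original slides: header forgery of the kind defined above leaves checkable traces, so this sketch triages a received message by comparing the From domain with Return-Path and Reply-To, reading the SPF/DKIM/DMARC verdicts, and checking whether an attachment declared as PDF really is one. The sample message, the authserv-id `mx.university.example` and all function names are assumptions made up for illustration.

```python
import email
import re
from email import policy
from email.utils import parseaddr

# Constructed sample: every address, host name and verdict below is made up.
SAMPLE = b"""\
Return-Path: <bounce@mailer.example.net>
Authentication-Results: mx.university.example; spf=fail smtp.mailfrom=mailer.example.net;
 dkim=none; dmarc=fail header.from=hotel.example
From: "Events Manager" <manager@hotel.example>
Reply-To: events.manager@freemail.example
To: researcher@university.example
Subject: Workshop invitation
MIME-Version: 1.0
Content-Type: multipart/mixed; boundary="b1"

--b1
Content-Type: text/plain

Programme attached.
--b1
Content-Type: application/pdf
Content-Disposition: attachment; filename="programme.pdf"
Content-Transfer-Encoding: base64

TVqQAAMAAAAEAAAA
--b1--
"""

# PDF name objects that commonly accompany embedded or auto-launched content.
PDF_ACTIVE_NAMES = (b"/EmbeddedFile", b"/Launch", b"/JavaScript", b"/OpenAction")


def domain_of(header_value):
    """Lower-cased domain of the first address in a header value, or ''."""
    addr = parseaddr(str(header_value or ""))[1]
    return addr.rpartition("@")[2].lower() if "@" in addr else ""


def auth_results(msg, trusted_authserv):
    """spf/dkim/dmarc verdicts, read only from headers stamped by our own MTA.

    A sender can pre-insert Authentication-Results, so headers whose
    authserv-id is not ours are ignored.
    """
    verdicts = {}
    for value in msg.get_all("Authentication-Results", []):
        authserv, _, rest = str(value).partition(";")
        if authserv.strip().lower() != trusted_authserv.lower():
            continue
        for method, verdict in re.findall(r"\b(spf|dkim|dmarc)=(\w+)", rest, re.I):
            verdicts.setdefault(method.lower(), verdict.lower())
    return verdicts


def inspect_attachment(name, declared_type, data):
    """Compare the declared type with the file signature and PDF contents."""
    findings = []
    if data[:2] == b"MZ":
        findings.append(f"{name}: executable (MZ) signature in {declared_type} attachment")
    elif declared_type == "application/pdf":
        if not data.startswith(b"%PDF-"):
            findings.append(f"{name}: declared PDF but no %PDF- signature")
        for marker in PDF_ACTIVE_NAMES:
            if marker in data:
                findings.append(f"{name}: PDF contains {marker.decode()}")
    return findings


def triage(raw, trusted_authserv):
    """Return a list of spoofing indicators; an empty list means none were found."""
    msg = email.message_from_bytes(raw, policy=policy.default)
    findings = []
    from_domain = domain_of(msg["From"])
    # Exact-match comparison; DMARC itself allows organisational-domain alignment.
    for header in ("Return-Path", "Reply-To"):
        other = domain_of(msg[header])
        if other and other != from_domain:
            findings.append(f"{header} domain {other} differs from From domain {from_domain}")
    verdicts = auth_results(msg, trusted_authserv)
    for method in ("spf", "dkim", "dmarc"):
        verdict = verdicts.get(method, "missing")
        if verdict != "pass":
            findings.append(f"{method}={verdict}")
    for part in msg.iter_attachments():
        data = part.get_payload(decode=True) or b""
        findings += inspect_attachment(
            part.get_filename() or "(unnamed)", part.get_content_type(), data)
    return findings


if __name__ == "__main__":
    for line in triage(SAMPLE, "mx.university.example"):
        print(line)
```

A Return-Path mismatch alone is common for legitimate bulk mail, so treat the findings as signals to weigh together. The PDF name search misses hex-escaped names and does not replace sandboxing or antivirus scanning of attachments.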
Attack Scenario
Step 1 - Call Hilton Belfast Hotel on +44-28-90277000 and get the name of the manager. (This can be done either by saying that you would like to talk about the service and give some appreciation for it, or that you would like to complain about the service.)
Step 2 - Spoof the manager's email and phone number using any caller ID spoofing service. Example - spoofcard.com, spooftel.com.
Step 3 - Call Dr. Huseyin Seker on +44 (0)116 207 8404, impersonating the hotel manager. Explain to Dr. Huseyin Seker that Hilton Belfast is hosting another Workshop on Computational Intelligence for Biomedicine and Bioinformatics (CIBB) and ask whether he could present on Particle Swarm Optimization-Based Bio-Network Discovery Method for the Diagnosis of Colorectal Cancer with Arinze Akutekwe. At the end, ask him to inform Arinze Akutekwe that they will be receiving an email shortly with all the information about the event. Add that he can find more information about the event on the website.
Step 4 - After a couple of hours, send a spoofed email with the email headers set to the manager's email (a made-up email should also work), containing as an attachment a PDF file bound to a Trojan backdoor executable.
Step 5 - Once the system is infected and a reverse meterpreter session is opened, migrate into another process, clear the event logs and download all sensitive information.
Post-Exploitation Examples
• User Privilege Exploitation
• Dig more into network for internal access
• Keystrokes capture and dump
