Successfully reported this slideshow.
We use your LinkedIn profile and activity data to personalize ads and to show you more relevant ads. You can change your ad preferences anytime.
Social Engineering (Because there is no patch for human stupidity)<br />By: Shobhit Gautam<br />Twitter @sh0bhit105<br />
What Is Social Engineering?<br />The art of manipulating people and getting them to do what you want.<br />“Social Enginee...
Common Types of Social Engineering<br />Human-based<br />Computer-based<br />
Personality Traits<br />Diffusion of responsibility<br />Chance for ingratiation<br />Trust relationship<br />Moral duty<b...
Techniques for persuasion<br />A Direct Route<br />	Systematic and logical statement<br />A Peripheral Route<br />	Beat ar...
Human Based methods<br />Impersonating <br />Intimidation<br />Creating confusion<br />May I help you?<br />Can you help m...
Computer Based<br />Popup Windows<br />Mail attachments<br />Spam, Chain Letters and Hoaxes<br />Phishing Websites<br />US...
Social Engineering Toolkit <br />The Social Engineering Toolkit (SET) is a python-driven suite of custom tools which solel...
./set<br />
How to Identify A Social Engineer?<br />Does not provide contact information<br />Always asks for forbidden information<br...
Mitigation<br />Shredders<br />Policies and Procedures<br />Awareness<br />Updated patches and Anti Viruses/Malwares<br />
NOW<br />
Upcoming SlideShare
Loading in …5
×

Social Engineering

1,676 views

Published on

Social Engineering by Shobhit Gautam @ null Mumbai Meet, September 2011

Published in: Technology, Business
  • Be the first to comment

  • Be the first to like this

Social Engineering

  1. 1. Social Engineering (Because there is no patch for human stupidity)<br />By: Shobhit Gautam<br />Twitter @sh0bhit105<br />
  2. 2. What Is Social Engineering?<br />The art of manipulating people and getting them to do what you want.<br />“Social Engineering - A euphemism for non-technical or low-technology means - such as lies, impersonation, tricks, bribes, blackmail, and threat - used to attack information systems.” <br />"Social engineering" as an act of psychological manipulation was popularized by hacker-turned-consultant Kevin Mitnick. <br />
  3. 3. Common Types of Social Engineering<br />Human-based<br />Computer-based<br />
  4. 4. Personality Traits<br />Diffusion of responsibility<br />Chance for ingratiation<br />Trust relationship<br />Moral duty<br />Guilt<br />Identification<br />Desire to be Helpful<br />Cooperation<br />
  5. 5. Techniques for persuasion<br />A Direct Route<br /> Systematic and logical statement<br />A Peripheral Route<br /> Beat around the Bush<br /> Trigger strong emotions such as fear and excitement. <br />
  6. 6. Human Based methods<br />Impersonating <br />Intimidation<br />Creating confusion<br />May I help you?<br />Can you help me?<br />Building Trust<br />Ask and It shall be given unto you seek and ye shall find.<br />Dumpster Diving<br />
  7. 7. Computer Based<br />Popup Windows<br />Mail attachments<br />Spam, Chain Letters and Hoaxes<br />Phishing Websites<br />USB devices <br />Key loggers <br />
  8. 8. Social Engineering Toolkit <br />The Social Engineering Toolkit (SET) is a python-driven suite of custom tools which solely focuses on attacking the human element of penetration testing.<br />SET was written by David Kennedy (ReL1K) and with a lot of help from the community it has incorporated attacks never before seen in an exploitation toolset. <br /> It’s main purpose is to augment and simulate social-engineering attacks and allow the tester to effectively test how a targeted attack may succeed.<br />
  9. 9.
  10. 10. ./set<br />
  11. 11. How to Identify A Social Engineer?<br />Does not provide contact information<br />Always asks for forbidden information<br />Rushing Activities <br />Name-dropping<br />Intimidation<br />Observe for Small mistakes<br />
  12. 12. Mitigation<br />Shredders<br />Policies and Procedures<br />Awareness<br />Updated patches and Anti Viruses/Malwares<br />
  13. 13. NOW<br />

×