Social Engineering

Learn about Human Hacking and the Art of social engineering. Learn a general overview of what is possible through some simple tools both technical and non-technical in nature. This presentation is aimed at educating the viewer into being more aware of what information they may be giving out even without knowing about it.

Published in: Technology
  • Elicitation: Process of extracting information from something or someone.
  • Pretexting: The act of creating an invented scenario to persuade a targeted victim to release information or perform some action.
  • NLP: A model of interpersonal communication chiefly concerned with the relationship between successful patterns of behaviour and the subjective experiences underlying them.
  • Maltego is an open source intelligence and forensics application. It offers an interface for mining and gathering information and for representing that information in an easy-to-understand format. Coupled with its graphing libraries, Maltego allows you to identify key relationships between pieces of information, including previously unknown ones.
  • Maltego Mesh is a Firefox plugin that helps analysts quickly find useful information within a page: it views the page you are looking at and tries to identify text within it that fits preset regular expressions. Each 'entity' type has its own tab (for example, all email addresses are within the 'Email' tab), and the number of entities found is shown in brackets after the tab label. Maltego Mesh only shows entities found on the page you are currently viewing; however, if you find an entity that you regard as interesting, you can mark it by selecting the check box to the left of the entity. It will then remember the pages on which this entity was found, and should the entity come up on another page, it will mark it there as well. For example, if you found the name "Andrew MacPherson" within a page, marked this entity, then right-clicked on it and searched for that name on another page, it would, if found, be stored within the main "History" tab. The History tab can then be used after you have gathered data to view all the pages on which you have found your 'marked' entities.
  • Demo Login to
  • Demo Login to
  • Social Engineering

    1. SOCIAL ENGINEERING: THE HUMAN HACK. By: Lance Howell
    2. A LITTLE ABOUT ME… VERY LITTLE.
         • 36 years old
         • BS in Information Systems Security
         • Interests: Information Security, Linux, web development, and general hacking
         • Web Site: www.tech-heaven.net
    3. WHAT DO YOU THINK OF
         • Liar
         • Conman/Con artist
         • Criminal
         • Politicians
         • Actor
    4. STEPS OF AN ATTACK
         • Information Gathering
         • Elicitation
         • Pre-texting
         • Influencing Others
             • Reciprocation
             • Scarcity
             • Authority
             • Commitment and Consistency
    5. PSYCHOLOGICAL PRINCIPLES TO STUDY
         • Modes of Thinking
         • Eye Cues
         • Micro-Expressions
         • Neuro-Linguistic Programming (NLP)
         • Interview and Interrogation
    6. MICROEXPRESSIONS
         • The small facial expressions and body language that can be used to tell what a person is really thinking or what they are feeling about the conversation.
    7. EXAMPLES OF MICROEXPRESSIONS
    8. ANGER
         1. Eyebrows are down and together.
         2. Eyes glare.
         3. Narrowing of lips.
    9. CONTEMPT
         1. Lip corner tight and raised on one side of face.
    10. DISGUST
         1. Narrowed eyes.
         2. Wrinkled nose.
         3. Parted mouth.
    11. SAD
         1. Creased forehead.
         2. Eyes losing focus.
         3. Downturned mouth.
         4. Wavering chin.
    12. FEAR
         1. Raised eyebrows and pulled together.
         2. Wide-open eyes.
         3. Tensed lower eyelids.
         4. Parted lips. Lips slightly stretched.
    13. COMPUTER-BASED TOOLS
         • Maltego 3.0
         • Maltego Mesh: Firefox Plug-in (No longer supported or updated)
         • Social Engineering Toolkit (SET): Good for E-Mail Based Attacks and Phishing
         • Common User Password Profiler (CUPP)
    14. MALTEGO 3.1
         • Community Edition vs. Commercial Edition
         • Works on Windows, Mac and Linux
         • Provides a graphical way to do several Linux commands
    15. MALTEGO MESH: WHY USE IT???
         • Free
         • Helps you find information quickly within a large page (no need to read an entire blog that's long to find an email address)
         • Quickly search on Facebook with email addresses instead of having to browse to each site.
         • Not being developed anymore.
    16. DEMONSTRATION OF MALTEGO 3
    17. SOCIAL ENGINEERING TOOLKIT (SET)
         • Tool designed to perform advanced attacks against a person or organization, used during a penetration test.
         • Under constant development (Be sure to update SET every couple of days). Current Version 3.3
         • Configure set_config file.
         • New version includes a web GUI
    18. TYPES OF ATTACK VECTORS
    19. SHODAN: HTTP://WWW.SHODANHQ.COM/
         • Search Engine for connected machines.
         • Search for computers that are connected to the internet based on city, country, latitude/longitude, hostname, operating system and IP
    20. DEMONSTRATION OF SHODAN
    21. CREE.PY ISN'T IT
         • Retrieves information from Twitter as well as Flickr
         • Gather geolocation data from flickr, twitpic.com, yfrog.com, img.ly, plixi.com, twitrpix.com, foleext.com, shozu.com, pickhur.com, moby.to, twitsnaps.com, and twitgoo.com
         • Download it from http://ilektrojohn.github.com/creepy/
    22. DEMONSTRATION OF CREE.PY
    23. CLOSING COMMENTS
         • Ways to protect yourself against attacks
         • More resources to further your knowledge and education
    24. WAYS TO PROTECT YOURSELF
         • Educate yourself and your staff on proper procedures when answering the phone, e-mail, and questioning people.
         • Do Not Click On Links in e-mails.
         • Have training in social engineering techniques. (Even a newsletter is better than nothing)
         • Question people in your building that you do not know especially if
    25. ADDITIONAL RESOURCES
         • www.social-engineer.org
         • www.offensive-security.com/metasploit-unleashed/
         • www.secmaniac.com
         • Social Engineering: The Art of Human Hacking by Chris Hadnagy
         • No Tech Hacking by Johnny Long
